-------------------
The Ethereal project is being continued at a new site. Please go to
http://www.wireshark.org and subscribe to wireshark-users@xxxxxxxxxxxxx.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-users
-------------------
Hi, I am looking for the tethereal capture filter
syntax for capturing multiple ports (2 to 5 ports).
Details follow.
Re:
http://www.ethereal.com/lists/ethereal-dev/200008/msg00027.html
Re: tethereal -f "(host foo and tcp port X) and (host
bar and tcp port Y)"
The above referenced command does not seem to work for
me (can't capture packets).
See below.
Thanks.
Tom
~~~~~~
With the following two commands, I am able to capture
packets:
[root@root]# tethereal -f "port 5060" -w test11.cap
Capturing on eth0
70
[root@root]# tethereal -f "(port 5060)" -w test12.cap
Capturing on eth0
36
~~~~
THIS IS THE PROBLEM:
With the following command, I am NOT able to capture
packets: (Note: it says it is capturing but it is
actually not capturing)
[root@root]# tethereal -f "(port 5060) and (port
8688)" -w test13.cap
Capturing on eth0
~~~~~
The following is a syntax error:
[root@root]# tethereal -f "(port 5060)" and "(port
8688)" -w test15.cap
tethereal: Unable to parse capture filter string
(syntax error).
~~~~~~~
MY CONFIG:
[root@root]# tethereal -h
This is GNU tethereal 0.10.10
(C) 1998-2004 Gerald Combs <gerald@xxxxxxxxxxxx>
Compiled with GLib 1.2.10, with libpcap 0.7.2, with
libz 1.1.4, without libpcre,
without UCD-SNMP or Net-SNMP, without ADNS.
NOTE: this build doesn't support the "matches"
operator for Ethereal filter
syntax.
Running with libpcap (version unknown) on Linux
2.4.21-32.EL.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
