During capture, the filters have to be expressed with the pcap syntax (the one used with tcpdump for example) because they are handled by pcap.

So type

    ip host 10.1.5.2

(or: host ip x.y.z.t)

instead of

    ip.addr == 10.1.5.2

The latter is the Ethereal display filter syntax, which is quite different.

HTH

At 10:58 13/10/2003 +0100, you wrote:
>Hi folks,
>
>I'm trying to track down a problem with one of my PCs and I want to monitor
>IP traffic in/out of it so I've installed Ethereal & Ethereal-gnome which
>should allow me to do what I want.
>
>However, I'm having trouble with the filter. According to the man page I
>should be able to just put
>
>ip.addr == 10.1.5.2
>
>or
>
>ip.addr eq 10.1.5.2
>
>into the filter field on the 'Capture Options' window, but both come up with
>parser errors.
>
>Anyone know what I should be putting in?
>
>--
>Gary Stainburn
>
>This email does not contain private or confidential material as it
>may be snooped on by interested government parties for unknown
>and undisclosed purposes - Regulation of Investigatory Powers Act, 2000
>
>--
>redhat-list mailing list
>unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
>https://www.redhat.com/mailman/listinfo/redhat-list
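
Added example, not part of the original message: a small Python sketch that rewrites the simplest Ethereal display-filter comparisons into the pcap capture-filter syntax the reply describes. The name display_to_capture and the field table are illustrative assumptions; only == / eq on a few IP, TCP and UDP fields is handled, and expressions mixing and/or are rejected because pcap gives the two operators equal precedence.

```python
import ipaddress
import re

# Display-filter field -> pcap capture-filter primitive (small subset only).
FIELD_MAP = {
    "ip.addr": "ip host",
    "ip.src": "ip src host",
    "ip.dst": "ip dst host",
    "tcp.port": "tcp port",
    "tcp.srcport": "tcp src port",
    "tcp.dstport": "tcp dst port",
    "udp.port": "udp port",
    "udp.srcport": "udp src port",
    "udp.dstport": "udp dst port",
}
JOINERS = {"&&": "and", "and": "and", "||": "or", "or": "or"}
COMPARISON = re.compile(r"^([a-z.]+)\s*(?:==|\beq\b)\s*(\S+)$")
SPLIT = re.compile(r"\s+(&&|\|\||and|or)\s+")  # keeps the operators


def display_to_capture(expr):
    """Translate a simple display filter into pcap capture-filter syntax."""
    parts = SPLIT.split(expr.strip())
    terms, ops = parts[0::2], {JOINERS[o] for o in parts[1::2]}
    if len(ops) > 1:
        # Refuse rather than guess how the two operators should group.
        raise ValueError("mixing and/or is not supported")
    out = []
    for term in terms:
        m = COMPARISON.match(term)
        if not m or m.group(1) not in FIELD_MAP:
            raise ValueError(f"unsupported term: {term!r}")
        field, value = m.groups()
        if field.startswith("ip."):
            ipaddress.IPv4Address(value)  # raises ValueError if malformed
        elif not (value.isdigit() and int(value) <= 65535):
            raise ValueError(f"bad port: {value!r}")
        out.append(f"{FIELD_MAP[field]} {value}")
    joiner = f" {ops.pop()} " if ops else ""
    return joiner.join(out)


if __name__ == "__main__":
    # Constructed inputs; the first two are the filters from the question.
    for f in ("ip.addr == 10.1.5.2", "ip.addr eq 10.1.5.2",
              "ip.src == 10.1.5.2 && tcp.dstport == 80"):
        print(f"{f!r:45} -> {display_to_capture(f)!r}")
```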