|
EtherealRe: [Ethereal-users] Filtering records |
|
||
|
|
EtherealRe: [Ethereal-users] Filtering records |
|
||
On Mon, Nov 06, 2000 at 01:41:52PM +0200, Eyal Rif wrote: > for example this doesn't work: > > tethereal -n -ta -V (ip.src == 192.168.2.115 and ip.dst == 192.168.2.5) -r > /tmp/sniff.log For one thing, parentheses are shell metacharacters for most (if not all) UNIX shells (definitely for Bourne-shell-compatible and C-shell-compatible shells), so you can't use them with most UNIX shells without quoting them (or quoting the expression as a whole). The parentheses aren't necessary in this case, however - enclosing an entire expression in parentheses doesn't do anything. Furthermore, the man page says SYNOPSYS tethereal [ -c count ] [ -f filter expression ] [ -F file format ] [ -h ] [ -i interface ] [ -l ] [ -n ] [ -o preference setting ] ... [ -p ] [ -r infile ] [ -R filter expression ] [ -s snaplen ] [ -t time stamp format ] [ -v ] [ -V ] [ -w savefile ] [ -x ] [ filter expression ] which indicates that the filter expression must come *after* all the command-line flags, such as "-r", so even if you remove the parentheses, or put the expression in quotes, Tethereal won't treat the "-r /tmp/sniff.log" as a command-line flag to specify which file to read. Instead, you have to do something such as tethereal -n -ta -V -r /tmp/sniff.log ip.src == 192.168.2.115 and ip.dst == 192.168.2.5 > Another question is whether I can apply filers rules into a file and then > use the file contents as a filter ? Yes, but you have to do it with tethereal -n -ta -V -r /tmp/sniff.log "`cat filter_expression_file`" Ethereal/Tethereal *themselves* have no mechanism to do that.
Powered by MHonArc 2.6.10