Re: [Ethereal-users] Question

[Guy Harris <guy@xxxxxxxxxx>]

On Mon, May 06, 2002 at 05:38:30PM -0400, Justin Birtwell wrote:
> I've downloaded your product

Well, our program, anyway.  We're not a commercial organization (the
".com" in our domain name nonwithstanding - "ethereal.org" was already
taken), so it's not really a "product" in the sense that many would
think of a "product".

> and I'm getting an error "Unable to parse filtering string".
> 
> I'm running a small network through my Linksys router.  I'd like to be
> able to track the packets over another machine (192.68.1.102) from my
> machine (192.68.1.100).
> 
> My filter was set to 
> tcp 80 add host 192.68.1.102
> 
> My IP is 192.168.1.100
> 
> Forgive me if this is a simple question, but what am I doing wrong?

You're supplying an invalid capture filter expression.

The syntax of capture filters can be found in the documentation for
tcpdump/WinDump (as tcpdump/WinDump and Ethereal use the same library
for capturing packets).

On a UNIX-flavored OS, "man tcpdump" will show you the man page for the
version of tcpdump on your system, or

	http://www.ethereal.com/tcpdump.8.html

will give you a man page for *a* version (which may not match your
version, so your version may allow additional expressions, for example).

On Windows, you can get the WinDump man page from

	http://windump.polito.it/docs/manual.htm

Look for the section that has "selects which packets will be dumped" in
it.

If your goal is to capture only TCP port 80 traffic (HTTP) traffic to or
from 192.68.1.102, the expression would be

	host 192.68.1.102 and tcp port 80