Ethereal

Re: [Ethereal-users] Filtering
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-users: June 2004

 

The FAQ refers you to the tcpdump(8) man page on capture filters - which
is *NOT* helpful (as in the FAQ5.11
http://www.ethereal.com/faq.html#q5.11). I find the syntax bloody
difficult and the tcpdump man page one of the worst places to go to when
tyring to make a new capture syntax.

I keep coming back to this page http://home.insight.rr.com/procana/

The new syngress book "Ethereal Packet Sniffing" by Angela Orebaugh has
quite a good chapter on capture filtering

For your situation you are talking about a capture filter - try "!host
10.100.0.124" or "not host 10.100.0.124"
BUT - if you already have a capture and want to eliminate your own IP
then check out the display filter - try "ip.addr != 10.100.0.124"

With both examples -  no quotes, and replace the address with your own
;-)

The syntax for filtering during capture (capture filter) and filtering
post-capture (display filter) are very very different

Regards
Dave

>>> gatyo@xxxxxxxxxxx 3/06/04 20:43:35 >>>
Hi,

I searched the whole documentation and I can't find how to filter the
packets so my ip isn't showing, but all others are...I don't want to see
my IP in the captured list. Can you tell me what filter should I put?

Thanks

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.