Solutions Fast Track

Writing Capture Filters

  • Capture filters operate quickly and are good for limiting the number of packets captured by Ethereal.

  • The capture filter language has keywords for comparing host names and addresses, hardware addresses, ports, and protocols.

  • Tcpdump can dissect many protocols and fields, but only a handful of those protocols and fields are available in the tcpdump filter (or “capture filter”) language.

  • To test individual fields in a bit-field correctly, you must use the bitwise AND operator: &.
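Why the bitwise AND matters is easiest to see on the TCP flags byte, which the capture filter language exposes as `tcp[13]`. The script below is an added example, not code from the book: it builds three constructed Ethernet/IPv4/TCP frames (made-up addresses and ports) and emulates the two ways of writing a "SYN packets" test. `tcp[13] == 2` only fires when SYN is the sole flag set, so a SYN+ACK slips past it, while `tcp[13] & 2 != 0` catches every frame with the SYN bit on, regardless of the other bits. The `tcp_byte` helper also handles an IPv4 header with options, which the real `tcp[...]` primitive accounts for automatically.

```python
import struct

# Constructed frames for illustration only: made-up MAC/IP addresses and ports.
SYN, ACK = 0x02, 0x10

def build_frame(tcp_flags: int, ihl_words: int = 5) -> bytes:
    """Build an Ethernet + IPv4 + TCP frame (no payload) carrying the given TCP flags."""
    eth = b"\x00" * 12 + b"\x08\x00"                  # dst MAC, src MAC, EtherType IPv4
    ip_len = ihl_words * 4
    ver_ihl = (4 << 4) | ihl_words                    # version 4, header length in 32-bit words
    ip_hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, ip_len + 20, 0, 0,
                         64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    ip_hdr += b"\x00" * (ip_len - 20)                 # zero-filled IP options when ihl_words > 5
    tcp_hdr = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, tcp_flags, 8192, 0, 0)
    return eth + ip_hdr + tcp_hdr

def tcp_byte(frame: bytes, index: int) -> int:
    """Emulate the tcpdump primitive tcp[index]: index counts from the start of the
    TCP header, which follows the 14-byte Ethernet header and a variable-length IPv4 header."""
    ihl = (frame[14] & 0x0F) * 4
    return frame[14 + ihl + index]

def syn_by_equality(frame: bytes) -> bool:
    """The tempting test 'tcp[13] == 2': true only when SYN is the sole flag set."""
    return tcp_byte(frame, 13) == SYN

def syn_by_bitwise_and(frame: bytes) -> bool:
    """The correct test 'tcp[13] & 2 != 0': true whenever the SYN bit is set."""
    return (tcp_byte(frame, 13) & SYN) != 0

if __name__ == "__main__":
    samples = [("SYN", build_frame(SYN)),
               ("SYN+ACK", build_frame(SYN | ACK)),
               ("ACK", build_frame(ACK))]
    for name, frame in samples:
        print(f"{name:8s} tcp[13]==2 -> {syn_by_equality(frame)!s:5s} "
              f"tcp[13]&2!=0 -> {syn_by_bitwise_and(frame)}")
```

The same reasoning applies to any flag field in a bit-packed byte (the IP fragment flags in `ip[6]`, for instance): compare the masked value, not the whole byte.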

Writing Display Filters

  • Display filters are slower than capture filters, but allow you to test almost any field or protocol that Ethereal knows how to dissect.

  • Display filter fields are typed; each type of field can hold only certain types of values.

  • The contains operator searches for text; the matches operator searches using regular expressions.

  • Take care when testing fields that occur multiple times in a packet; the obvious way to write the test may not mean what you expect.

  • The Capture Filter and Display Filter dialog boxes let you save your filters.

  • The Filter Expression dialog box lets you create display filters by pointing and clicking.
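The pitfall with fields that occur more than once per packet, together with the `contains` and `matches` operators, can be shown without a capture file by modelling how a display filter evaluates against a dissected packet. The script below is an added example, not the book's code: each "packet" is a constructed table of field occurrences (made-up addresses and URIs), and `ip.addr` is listed twice because it stands for both the source and the destination address. A comparison is true if any occurrence satisfies it, which is why `ip.addr != 10.0.0.1` still keeps a packet sent by 10.0.0.1 (its destination differs), whereas `!(ip.addr == 10.0.0.1)` is the test people usually mean.

```python
import re
from typing import Callable, Dict, List, Optional

Packet = Dict[str, List[str]]
Predicate = Callable[[Packet], bool]

# Constructed dissection: the fields Ethereal would expose, one list of occurrences
# per field name. ip.addr occurs twice per packet (source and destination).
def dissect(src: str, dst: str, http_uri: Optional[str] = None) -> Packet:
    fields = {"ip.src": [src], "ip.dst": [dst], "ip.addr": [src, dst]}
    if http_uri is not None:
        fields["http.request.uri"] = [http_uri]
    return fields

def eq(name: str, value: str) -> Predicate:
    """'name == value': true if ANY occurrence of the field equals value."""
    return lambda pkt: any(v == value for v in pkt.get(name, []))

def ne(name: str, value: str) -> Predicate:
    """'name != value': also an any-occurrence test, true if ANY occurrence differs."""
    return lambda pkt: any(v != value for v in pkt.get(name, []))

def not_(pred: Predicate) -> Predicate:
    """'!(expr)': negates the whole expression, so no second occurrence can rescue the packet."""
    return lambda pkt: not pred(pkt)

def contains(name: str, text: str) -> Predicate:
    """'name contains text': plain substring search over each occurrence."""
    return lambda pkt: any(text in v for v in pkt.get(name, []))

def matches(name: str, pattern: str) -> Predicate:
    """'name matches pattern': regular-expression search over each occurrence."""
    rx = re.compile(pattern)
    return lambda pkt: any(rx.search(v) is not None for v in pkt.get(name, []))

# Constructed three-packet "capture" (addresses and URIs are made up).
CAPTURE: List[Packet] = [
    dissect("10.0.0.1", "10.0.0.2", "/index.html"),
    dissect("10.0.0.3", "10.0.0.1", "/cgi-bin/login.php?user=admin"),
    dissect("10.0.0.3", "10.0.0.4", "/images/logo.png"),
]

def apply_filter(pred: Predicate, capture: List[Packet] = CAPTURE) -> List[int]:
    """Return the indices of the packets the display-filter predicate keeps."""
    return [i for i, pkt in enumerate(capture) if pred(pkt)]

if __name__ == "__main__":
    demos = [
        ("ip.addr == 10.0.0.1", eq("ip.addr", "10.0.0.1")),
        ("ip.addr != 10.0.0.1", ne("ip.addr", "10.0.0.1")),        # keeps packets 0 and 1 too
        ("!(ip.addr == 10.0.0.1)", not_(eq("ip.addr", "10.0.0.1"))),  # keeps only packet 2
        ("http.request.uri contains \"login\"", contains("http.request.uri", "login")),
        ("http.request.uri matches \"\\.(php|cgi)(\\?|$)\"",
         matches("http.request.uri", r"\.(php|cgi)(\?|$)")),
    ]
    for text, pred in demos:
        print(f"{text:45s} -> packets {apply_filter(pred)}")
```

The same any-occurrence rule holds for every multi-valued field (TCP ports via `tcp.port`, for example), so whenever the intent is "no occurrence equals X", wrap the positive test in `!( ... )` rather than using `!=`.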

Ethereal Packet Sniffing (Syngress)
ISBN: 1932266828
Year: 2004
Pages: 105
Authors: Syngress