Packet Capture: Packet Analyzers - Page 4

By  O'Reilly Press | Nov 27, 2001
Page 4 of 4   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

1.6.1.2. Display filters

Display filters allow you to selectively display data that has been captured. At the bottom of the window shown in Figure 1-1, there is a box for creating display filters. As previously noted, display filters have their own syntax. The ethereal documentation describes this syntax in great detail. In this case, I have entered http to limit the displayed traffic to web traffic. I could just as easily enter any number of other different protocols -- ip, udp, icmp, arp, dns, etc.

The real power of ethereal 's display filters comes when you realize that you don't really need to understand the syntax of display filters to start using them. You can select a field from the center pane and then select Display Match Selected, and ethereal will construct and apply the filter for you. Of course, not every field is useful, but it doesn't take much practice to see what works and what doesn't work.

The primary limitation of this approach comes in constructing compound filters. If you want to capture all the traffic to or from a computer, you won't be able to match a single field. But you should be able to discover the syntax for each of the pieces. Once you know that ip.src==205.153.63.30 matches all IP traffic with 205.153.63.30 as its source and that ip.dst==205.153.63.30 matches all IP traffic to 205.153.63.30, it isn't difficult to come up with the filter you need, ip.src==205.153.63.30 or ip.dst==205.153.63.30. Display filters are really very intuitive, so you should have little trouble learning how to use them.

Perhaps more than any other tool described in this book, ethereal is constantly being changed and improved. While this book was being written, new versions were appearing at the rate of about once a month. So you should not be surprised if ethereal looks a little different from what is described here. Fortunately, ethereal is a well-developed program that is very intuitive to use. You should have little trouble going on from here.

Network Troubleshooting Tools - click to go to publisher's site

--
The next segment from Network Troubleshooting Tools will cover the Dark Side of Packet Capture.


jfreund@internet.com

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter
Helpful Links

  • Yankee Group Mobile WAN Optimization Report

    Mobile work continues to evolve. Your organization must keep up with the demands of its mobile workforce. This report introduces the concept of mobile WAN optimization and provides three case studies including RCM, PRTM and Einstein that highlight how this emerging technology can help IT departments achieve what previously appeared to be conflicting goals. Read >

  • Network Security Resources

    More threats than ever before pose a danger to today's enterprise network. Get the latest tips and intel on the newest risks in our guide to network security resources. Read >

  • Extreme Savings: Cutting Costs with WAN Optimization

    Did you know it's possible to cut IT costs without impacting day-to-day IT operations? In fact, when you download this whitepaper from Riverbed on cost-savings through WAN optimization, you'll discover how businesses of all different sizes have realized a return on investment in just a few months through significant hard cost savings in areas such as bandwidth reduction and IT consolidation. It's called Extreme Savings and its only from Riverbed. Read >