beautypg.com

Building display filter expressions, Display filter fields, Comparing values – Lucent Technologies Ethereal User Manual

Page 119: Section 6.3

background image

6.3. Building display filter expressions

Ethereal provides a simple but powerful display filter language that you can build quite complex fil-
ter expressions with. You can compare values in packets as well as combine expressions into more
specific expressions. The following sections provide more information on doing this.

Tip!

You will find a lot of Display Filter examples at the Ethereal Wiki Display Filter
page at

http://wiki.ethereal.com/DisplayFilters

.

6.3.1. Display filter fields

Every field in the packet details pane can be used as a filter string, this will result in showing only
the packets where this field exists. For example: the filter string: tcp will show all packets contain-
ing the tcp protocol.

There is a complete list of all filter fields available through the menu item "Help/Supported Proto-
cols" in the page "Display Filter Fields" of the upcoming dialog.

XXX - add some more info here and a link to the statusbar info.

6.3.2. Comparing values

You can build display filters that compare values using a number of different comparison operators.
They are shown in

Table 6.2, “Display Filter comparison operators”

.

Tip!

You can use English and C-like terms in the same way, they can even be mixed in a
filter string!

Table 6.2. Display Filter comparison operators

English

C-like

Description and example

eq

==

Equal

ip.addr==10.0.0.5

ne

!=

Not equal

ip.addr!=10.0.0.5

gt

>

Greater than

frame.pkt_len > 10

lt

<

Less than

Working with captured packets

105

See also other documents in the category Lucent Technologies Hardware: