diff options
author | Guy Harris <guy@alum.mit.edu> | 2003-12-08 22:24:36 +0000 |
---|---|---|
committer | Guy Harris <guy@alum.mit.edu> | 2003-12-08 22:24:36 +0000 |
commit | d9776e53870334db9a0be6b631be45c04dfaceb8 (patch) | |
tree | 4ffd1e611b32a76a223fbd267c98804945d70b6a | |
parent | 0519141ac950ea3c6dae67f19c4a4ad0cbdd91d8 (diff) |
Note the types of fields for which the "contains" operator is available.
Always capitalize the names "Ethereal" and "Tethereal" (we don't
capitalize the command names, however, as they're all-lower-case).
Note that you can find out from the GUI whether Ethereal was built with
the PCRE library or not.
Fix a typo.
svn path=/trunk/; revision=9211
-rw-r--r-- | doc/ethereal-filter.pod.template | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/doc/ethereal-filter.pod.template b/doc/ethereal-filter.pod.template index 1264cc74ea..693a15091e 100644 --- a/doc/ethereal-filter.pod.template +++ b/doc/ethereal-filter.pod.template @@ -12,7 +12,7 @@ S<[ B<-R> "filter expression" ]> =head1 DESCRIPTION -B<ethereal> and B<tethereal> share a powerful filter engine that help remove +B<Ethereal> and B<Tethereal> share a powerful filter engine that help remove the noise from a packet trace and let you see only the packets that interest you. If a packet meets the requirements expressed in your filter, then it is displayed in the list of packets. Display filters let you compare the @@ -20,7 +20,7 @@ fields within a protocol against a specific value, compare fields against fields, and to check the existence of specified fields or protocols. Filters are also used by other features such as statistics generation and -packet list colorization (the latter is only available to B<ethereal>). This +packet list colorization (the latter is only available to B<Ethereal>). This manual page describes their syntax and provides a comprehensive reference of filter fields. @@ -36,8 +36,8 @@ that contain a Token-Ring RIF field, use "tr.rif". Think of a protocol or field in a filter as implicitly having the "exists" operator. -Note: all protocol and field names that are available in B<ethereal> and -B<tethereal> filters are listed in the B<FILTER PROTOCOL REFERENCE> (see +Note: all protocol and field names that are available in B<Ethereal> and +B<Tethereal> filters are listed in the B<FILTER PROTOCOL REFERENCE> (see below). =head2 Comparison operators @@ -61,15 +61,19 @@ Additional operators exist expressed only in English, not punctuation: matches Does the text string match the given Perl regular expression The "contains" operator allows a filter to search for any sequence of -characters that may occur in a protocol or field. To search for a given HTTP +characters that may occur in a protocol or field. The "contains" +operator is only implemented for protocols (in which case the sequence +of characters is searched for in the data for that protocol), text +fields, and raw data fields. For example, to search for a given HTTP URL in a capture, the following filter can be used: http contains "http://www.ethereal.com" -The "matches" operator allows a filter to apply to a specified Perl-compatible -regular expression (PCRE). Due to the nature of regular expressions, the -"contains" operator is only implemented for fields with a text string -representation. To search for a given WAP WSP User-Agent, one can write: +The "matches" operator allows a filter to apply to a specified +Perl-compatible regular expression (PCRE). Due to the nature of regular +expressions, the "matches" operator is only implemented for fields with +a text string representation. For example, to search for a given WAP +WSP User-Agent, one can write: wsp.user_agent matches "(?i)cldc" @@ -79,12 +83,15 @@ a case-insensitive pattern match. More information on PCRE can be found in the pcrepattern(3) man page (Perl Regular Expressions are explained in B<http://www.perldoc.com/perl5.8.0/pod/perlre.html>). -Note: the "matches" operator is only available if B<ethereal> or B<tethereal> +Note: the "matches" operator is only available if B<Ethereal> or B<Tethereal> have been compiled with the PCRE library. This can be checked by running: ethereal -v tethereal -v +or selecting the "About Ethereal" item from the "Help" menu in +B<Ethereal>. + =head2 Protocol field types Furthermore, each protocol field is typed. The types are: |