Lucent Technologies Ethereal ユーザーズマニュアル
English
C-like
Description and example
frame.pkt_len < 128
ge
>=
Greater than or equal to
frame.pkt_len ge 0x100
le
<=
Less than or equal to
frame.pkt_len <= 0x20
In addition, all protocol fields are typed.
provides a list of
the types and example of how to express them.
Table 6.3. Display Filter Field Types
Type
Example
Unsigned integer (8-bit, 16-bit, 24-bit, 32-bit)
You can express integers in decimal, octal, or hexa-
decimal. The following display filters are equivalent:
decimal. The following display filters are equivalent:
ip.len le 1500
ip.len le 02734
ip.len le 0x436
ip.len le 02734
ip.len le 0x436
Signed integer (8-bit, 16-bit, 24-bit, 32-bit)
Boolean
A boolean field is present in the protocol decode only
if its value is true. For example, tcp.flags.syn is
present, and thus true, only if the SYN flag is present
in a TCP segment header.
if its value is true. For example, tcp.flags.syn is
present, and thus true, only if the SYN flag is present
in a TCP segment header.
Thus the filter expression tcp.flags.syn will select only
those packets for which this flag exists, that is, TCP
segments where the segment header contains the SYN
flag. Similarly, to find source-routed token ring pack-
ets, use a filter expression of tr.sr.
those packets for which this flag exists, that is, TCP
segments where the segment header contains the SYN
flag. Similarly, to find source-routed token ring pack-
ets, use a filter expression of tr.sr.
Ethernet address (6 bytes)
eth.addr == ff:ff:ff:ff:ff:ff
IPv4 address
ip.addr == 192.168.0.1
IPv6 address
IPX network number
String (text)
Double-precision floating point number
6.3.3. Combining expressions
You can combine filter expressions in Ethereal using the logical operators shown in
Table 6.4,
Working with captured packets
106