Finding frames

You can easily find frames once you have captured some packets or have read in a previously saved capture file. Simply select the Find Frame... menu item from the Edit menu. Ethereal will pop up the dialog box shown in Figure 22.

Figure 22. The Ethereal Find Frame dialog box

Simply enter a display filter string into the Filter: field, select a direction, and click on OK.

For example, to find the three-way handshake for a connection from host 10.0.0.5, use the following filter string:


  ip.addr==10.0.0.5 and tcp.flags.syn

For more details on display filters, see the section "Filtering packets while viewing".
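
The following Python sketch is an added example, not part of the Ethereal guide or of Ethereal's code: it applies the same test as the filter string above to a constructed five-packet capture, assuming tcp.flags.syn is true only when the SYN bit is set. The helper names and every address other than 10.0.0.5 are made up for the illustration.

```python
import socket
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits

def build_packet(src, dst, sport, dport, flags):
    """Build a minimal IPv4 + TCP header pair (constructed sample, checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def parse(packet):
    """Return (src, dst, tcp_flags) for an IPv4/TCP packet, or None otherwise."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IP header length in bytes
    if ihl < 20 or packet[9] != socket.IPPROTO_TCP or len(packet) < ihl + 14:
        return None
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    return src, dst, packet[ihl + 13]  # byte 13 of the TCP header holds the flags

def matches(packet, host):
    """Same test as the filter: ip.addr==<host> and tcp.flags.syn"""
    fields = parse(packet)
    if fields is None:
        return False
    src, dst, flags = fields
    return host in (src, dst) and bool(flags & SYN)  # ip.addr is source OR destination

# Constructed capture: a handshake opened by 10.0.0.5, then other traffic.
CAPTURE = [
    build_packet("10.0.0.5", "10.0.0.9", 40000, 80, SYN),        # frame 1: SYN
    build_packet("10.0.0.9", "10.0.0.5", 80, 40000, SYN | ACK),  # frame 2: SYN/ACK
    build_packet("10.0.0.5", "10.0.0.9", 40000, 80, ACK),        # frame 3: final ACK
    build_packet("10.0.0.7", "10.0.0.5", 40001, 22, SYN),        # frame 4: SYN to the host
    build_packet("10.0.0.7", "10.0.0.9", 40002, 22, SYN),        # frame 5: unrelated hosts
]

def find_frames(capture, host):
    """1-based frame numbers the filter would land on."""
    return [n for n, pkt in enumerate(capture, 1) if matches(pkt, host)]

if __name__ == "__main__":
    print(find_frames(CAPTURE, "10.0.0.5"))
```

The result, frames 1, 2 and 4, shows that the filter lands on the SYN and SYN/ACK of the handshake but not on the final ACK, which carries no SYN bit. It also shows that ip.addr matches connections made to 10.0.0.5 as well as from it.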