|
Expert mode disables the controls in the filter terms area but allows you to edit the filter expression.
FrameSeer does not check the validity of what you type in the expert area. When you use a new filter for the first time, you should check the log to see if tcpdump reports any syntax errors.
For example, to construct a filter that selects packets either destined for, or received from, the IP address 17.250.248.64, proceed as follows:
-
Click New to create a new filter. Give it a name (eg Packets to/from mail.mac.com).
-
In the Network tab, enter 17.250.248.64 in both the Source and Destination Address fields. The expression shown will be: ((src host 17.250.248.64) and (dst host 17.250.248.64)).
-
Turn on Expert mode.
-
Edit the expression to change the and to or.
-
Click the Save button.
Turning Expert mode off after an expression has been edited returns the expression to its unedited state. All changes are lost.
|
