|
To use filters during a capture:
-
Open the filters drawer using the Show/Hide Filters (Command+R) command; then
-
Select one or more filters by clicking, shift-clicking or command-clicking.
Filters work at the document level. This means that you can run multiple captures on the same physical interface simultaneously, with each capture using a different set of filters.
When two or more filters are selected, they are ORed together before being passed to tcpdump, as in the example below.
|
Filter
|
Expression
|
|
Traffic to mail.mac.com
|
((dst host 17.250.248.64))
|
|
Traffic from mail.mac.com
|
((src host 17.250.248.64))
|
|
Combined
|
((dst host 17.250.248.64) or (src host 17.250.248.64))
|
Whether a compound filter makes any sense in any given situation is something you have to determine for yourself.
Note that filters only apply during packet capture. FrameSeer does not (yet) support display filters.
|
