The installed version of ethereal had only a "tethereal" binary. I checked the ethereal FAQ, which said that older Red Hat RPMs have that problem: the RPM only has the non-GUI parts. This is maybe ok, but the Ethereal website also has the new version 10, so I decided to try to install it.
I webb'd to http://www.ethereal.com/distribution/ and got ethereal-0.10.0a.tar.gz.
As root:
    cd /usr/src
    # unpack the gzipped tarball downloaded above
    tar xzf ethereal-0.10.0a.tar.gz
    rm ethereal-0.10.0a.tar.gz
    cd ethereal-0.10.0a/
    ./configure
    make
    make install
    make install-man
    make clean
To learn how to use ethereal, see The Ethereal User's Guide.
Basically, you can capture all packets and then filter which of them you want to display, or capture them with a filter turned on so that you only capture certain packets. The first way is much better if you're looking at a TCP session like an SMTP transfer. Also, the filters you use while capturing have a different format than the filters you use after capturing. The former are libpcap/tcpdump format.
To capture the first way, just start capturing, do the thing that generates the packets you're trying to view, and stop capturing. Then find a packet of interest, select it, and right-click Follow TCP Stream.
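What Follow TCP Stream does with a capture-everything trace, shown as an added example that is not part of the original page or Ethereal's own code: it parses a classic pcap file and joins each direction's TCP payload in sequence order. The function names, addresses and SMTP lines are constructed for illustration, and sequence wraparound and overlapping segments are ignored.

```python
import struct
from collections import defaultdict

def follow_tcp_streams(pcap: bytes) -> dict:
    """Map (src, sport, dst, dport) -> payload bytes joined in sequence order."""
    magic, linktype = struct.unpack("<I", pcap[:4])[0], struct.unpack("<I", pcap[20:24])[0]
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet link type")
    segs, off = defaultdict(dict), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack("<I", pcap[off + 8:off + 12])[0]  # captured length
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep only IPv4 carrying TCP
        ip = frame[14:]
        tcp = ip[(ip[0] & 0x0F) * 4:struct.unpack("!H", ip[2:4])[0]]
        if len(tcp) < 20:
            continue
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        data = tcp[(tcp[12] >> 4) * 4:]
        if data:
            src, dst = (".".join(map(str, ip[a:a + 4])) for a in (12, 16))
            # First copy of a sequence number wins, so retransmits are dropped.
            segs[(src, sport, dst, dport)].setdefault(seq, data)
    # Simplification: ignores sequence wraparound and overlapping segments.
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in segs.items()}

def build_frame(src, dst, sport, dport, seq, payload):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed sample: an SMTP exchange with client segments captured out of order.
C, S = (10, 0, 0, 5), (10, 0, 0, 9)
SAMPLE = build_pcap([
    build_frame(S, C, 25, 40000, 5000, b"220 mail.example.test ESMTP\r\n"),
    build_frame(C, S, 40000, 25, 1026, b"MAIL FROM:<a@example.test>\r\n"),
    build_frame(C, S, 40000, 25, 1000, b"EHLO client.example.test\r\n"),
    build_frame(C, S, 40000, 25, 1000, b"EHLO client.example.test\r\n"),  # retransmit
])
STREAMS = follow_tcp_streams(SAMPLE)
```

Each direction comes back as its own entry; Ethereal's view interleaves the two directions into one conversation.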
To capture with an active filter so that only some packets are captured, start ethereal, click the Filter box in the lower left corner, set a filter, then click the Capture menu item. When constructing the filter, it helps to use the "Add filter expression" button.