Ethereal-users: Re: [Ethereal-users] Capture filters

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>
Date: Fri, 28 Feb 2003 10:55:49 -0800

On Fri, Feb 28, 2003 at 01:09:58PM -0500, Parks, Chauni wrote:
> I recently created and installed a middleware dissector/plug-in.  My
> question is how can I filter on that protocol that I created? What would I
> put in the capture string?

The port number on which the traffic is running.

Capture filters aren't implemented by Ethereal, they're implemented by
libpcap, which is a separate piece of software that Ethereal (and
tcpdump, and a number of other programs) use to do packet capturing.

Capture filters are compiled into a pseudo-machine-language for a fairly
simple machine; there are limits on the types of filtering that can be
done with that machine.

> It's listed in the display filters, preferences,
> and add expression list as a protocol,

That's because display filters are implemented by Ethereal, so it knows
about your new protocol; libpcap doesn't know about it.
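
The following is an added example, not part of the original message and not libpcap's own code: a minimal interpreter for the kind of simple filter machine described above, running a hand-written program that accepts only IPv4 TCP frames to one destination port. Port 5000, the `verdict` helper and the sample frames are constructed for illustration, and only the opcodes this program needs are implemented.

```c
#include <stdint.h>
#include <stdio.h>
/* Classic BPF instruction; same field layout as libpcap's struct bpf_insn. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
/* Hand-written filter: IPv4 TCP to destination port 5000 (assumed port). */
static const struct insn prog[] = {
    {0x28, 0, 0, 12},     /* ldh [12]          EtherType                 */
    {0x15, 0, 8, 0x0800}, /* jeq #0x800        not IPv4: reject          */
    {0x30, 0, 0, 23},     /* ldb [23]          IP protocol               */
    {0x15, 0, 6, 6},      /* jeq #6            not TCP: reject           */
    {0x28, 0, 0, 20},     /* ldh [20]          flags and fragment offset */
    {0x45, 4, 0, 0x1fff}, /* jset #0x1fff      later fragment: reject    */
    {0xb1, 0, 0, 14},     /* ldxb 4*([14]&0xf) X = IP header length      */
    {0x48, 0, 0, 16},     /* ldh [x + 16]      TCP destination port      */
    {0x15, 0, 1, 5000},   /* jeq #5000         other port: reject        */
    {0x06, 0, 0, 65535},  /* ret #65535        accept                    */
    {0x06, 0, 0, 0},      /* ret #0            reject                    */
};

/* Interpret the opcode subset used above; 0 means drop the frame. */
static uint32_t bpf_run(const struct insn *p, const uint8_t *pkt, uint32_t len) {
    uint32_t a = 0, x = 0;                 /* accumulator and index register */
    for (;; p++) {
        uint32_t k = p->k + (p->code == 0x48 ? x : 0);
        switch (p->code) {
        case 0x28: case 0x48: if (k + 2 > len) return 0;  /* 16-bit load */
            a = (uint32_t)pkt[k] << 8 | pkt[k + 1]; break;
        case 0x30: if (k >= len) return 0; a = pkt[k]; break;
        case 0xb1: if (k >= len) return 0; x = (pkt[k] & 0x0fu) * 4; break;
        case 0x15: p += (a == k) ? p->jt : p->jf; break;  /* relative jumps */
        case 0x45: p += (a & k) ? p->jt : p->jf; break;
        case 0x06: return k;
        default:   return 0;               /* opcode outside this subset */
        }
    }
}

/* Build a constructed Ethernet/IPv4 frame and return the filter's verdict. */
static uint32_t verdict(uint8_t proto, uint16_t dport) {
    uint8_t f[38] = {0};                   /* 14 Ethernet + 20 IPv4 + 4 ports */
    f[12] = 0x08; f[14] = 0x45; f[23] = proto;
    f[36] = (uint8_t)(dport >> 8); f[37] = (uint8_t)(dport & 0xff);
    return bpf_run(prog, f, sizeof f);
}

int main(void) {
    printf("%u %u %u\n", verdict(6, 5000), verdict(6, 80), verdict(17, 5000));
    return 0;
}
```

The program only compares bytes at fixed or computed offsets, so the port number is the one handle it has on a protocol that libpcap has no name for.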