Ethereal-users: Re: [Ethereal-users] How to capture packets with defined string in data?

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Tue, 16 Nov 2004 11:00:56 -0800
Dabasinskas, Martynas wrote:
Question: is it possible to set some capture filter to capture only these packets with 123 inside ?
No. The capabilities of libpcap capture filters are limited (they don't, for example, include loops, as the filter is, on some platforms, loaded into the OS kernel, so that packets that don't match the filter can be discarded without being copied to user space; disallowing loops simplifies the task of making sure the BPF program into which the filter expression is compiled won't cause problems, as disallowing loops means disallowing infinite loops).
You might be able to do it with Tethereal by using a read filter of "frame contains 123".