Wireshark · Ethereal-users: Re: [Ethereal-users] http content capture filter

Ethereal-users: Re: [Ethereal-users] http content capture filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Wed, 09 Feb 2005 22:13:44 -0800

GRL wrote:

Will it be the possibility of the string match in the future?


Perhaps somebody will add a string matching instruction to the BPF
interpreter on some platform in the future (note that the BPF
interpreter is *NOT* part of Ethereal, so there's nothing Ethereal can
do about this); I don't know of anybody who has any plans to do that.

The only alternative would be to do the filtering in user mode code,
which would mean copying *all* packets from the OS kernel, even the ones
that wouldn't match, so you'd be more likely to drop packets.  You could
do that in Tethereal with a "read filter", i.e. a filter specified with

"-R", such as "frame contains CONNECT", when capturing. Currently,there's no mechanism for doing that in Ethereal.

References:
- [Ethereal-users] http content capture filter
  - From: NOEL, ANDRE
- Re: [Ethereal-users] http content capture filter
  - From: Guy Harris
- Re: [Ethereal-users] http content capture filter
  - From: GRL

Prev by Date: [Ethereal-users] Want to know the size of packets
Next by Date: [Ethereal-users] Re: Help me please with unsupported protocol choosing!!!
Previous by thread: Re: [Ethereal-users] http content capture filter
Next by thread: [Ethereal-users] Delta discrepancy
Index(es):
- Date
- Thread