Hello,
I want to add the following Wireshark feature. I would like to know others' opinions (is someone else already doing this, etc.) before starting.
Description:
Add an option to stop the capture when the given filter is matched.
The option to dumpcap may look like:
-a filter:<filter-spec>
i.e., it's basically an addition to the auto-stop condition.
e.g.: -a "filter: host 1.1.1.1 and icmp"
This will be very useful when you know the exact packet that you want to trigger the auto-stop condition. You can start the capture and walk away without having to monitor the capture.
Thanks,
Hari
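
The stop-on-match behaviour proposed above, sketched as an added example that is not part of the original message and is not dumpcap code: every frame is saved, and the capture ends after the first frame that satisfies "host 1.1.1.1 and icmp". The function names and sample frames are constructed for illustration; only untagged Ethernet carrying IPv4 is handled.

```python
import socket
import struct

ETH_IPV4 = 0x0800
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17

def build_frame(src, dst, proto, payload=b""):
    """Build a constructed Ethernet+IPv4 frame (sample data, checksum left 0)."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    eth += struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + payload

def matches_host_icmp(frame, host):
    """Evaluate the equivalent of 'host <host> and icmp' on one frame."""
    if len(frame) < 34:                      # too short for Ethernet + IPv4
        return False
    if struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return False
    if frame[14] >> 4 != 4:                  # IP version nibble
        return False
    addr = socket.inet_aton(host)
    src, dst = frame[26:30], frame[30:34]
    return frame[23] == PROTO_ICMP and addr in (src, dst)

def capture_until(frames, stop_condition):
    """Save every frame; stop after the first one meeting stop_condition.

    Returns (saved_frames, stopped_on_match). The trigger frame is kept so
    the saved capture contains the packet that ended it.
    """
    saved = []
    for frame in frames:
        saved.append(frame)
        if stop_condition(frame):
            return saved, True
    return saved, False

# Constructed traffic: only the third frame is both ICMP and to/from 1.1.1.1.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "1.1.1.1", PROTO_TCP),   # host matches, not ICMP
    build_frame("10.0.0.5", "8.8.8.8", PROTO_ICMP),  # ICMP, other host
    build_frame("10.0.0.5", "1.1.1.1", PROTO_ICMP),  # trigger
    build_frame("10.0.0.5", "1.1.1.1", PROTO_UDP),   # never reached
]

if __name__ == "__main__":
    saved, stopped = capture_until(
        SAMPLE_FRAMES, lambda f: matches_host_icmp(f, "1.1.1.1"))
    print(f"saved {len(saved)} frames, stopped on match: {stopped}")
```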