Wireshark-dev: [Wireshark-dev] Wireshark filter list

From: "Gilsinn, James D." <james.gilsinn@xxxxxxxx>
Date: Tue, 1 Mar 2011 17:52:27 -0500

Hello,

 

I’m trying to find out if there’s a file somewhere that lists all of the available Wireshark filters?  I’m developing an application that uses TShark to filter capture files based on certain criteria and returns with PSML files that can be read and used for additional analysis.  Since I’m using TShark in a hands-off approach on Windows, I’d like to be able to do some syntax checking of the filter before I start the TShark process to make sure that it doesn’t come back with an error simply because someone typed “fraem” instead of “frame”.  Is there a list of all the protocol filters available for use?

 

I’ve found the “wireshark-filter.html” file which lists all the protocols, but that would require some pretty complicated processing to parse the HTML.  What I’d like to see is a text or XML file that lists all of the capture/display filters in one file by themselves.  XML would probably be easier to parse, since some additional fields could be added without really affecting the ease of importing the data.

 

-- Jim

 

P.S.  I’m not on the wireshark-dev mailing list, so please email me directly with any responses.

 

--------------------------------------------------------------------------------

James D. Gilsinn

National Institute of Standards & Technology (NIST)  |  Engineering Laboratory (EL)   |  Intelligent Systems Division (ISD)

100 Bureau Drive, Mailstop 8230, Gaithersburg, MD 20899-8230 USA

Office: 301-975-3865  |  Mobile: 301-706-9985  |  james.gilsinn@xxxxxxxx  |  http://www.nist.gov