On May 15, 2013, at 3:19 PM, Ahmed Elshaer <a.n.elshaer@xxxxxxxxx> wrote:
> can i filter packets that contains a specific text string , i just
> want to capture the packets that contain that string not any other
> string,
Unfortunately, the filtering that can be done with BPF (which is what tcpdump and Wireshark use for capture filtering) is limited in what it can do (by design - it's done by running an interpreted or JIT-compiled program in the kernel, and, to prevent infinite loops being run in the kernel, loops are not allowed, and there is no "search for a string" instruction).