On Mar 11, 2014, at 10:48 PM, Nilesh Nayak <nileshnayk4@xxxxxxxxx> wrote:
> But if I set the capture filter as "foo", then I should be able to capture "foo" packets.

No.

If you modify the grammar.y, scanner.l, and gencode.c files in the libpcap/WinPcap source so that it supports a capture filter of "foo", and matches your packets, and you build {tcpdump, Wireshark, whatever} with that version of libpcap/WinPcap (or, if it's a dynamic/shared library, install that version of libpcap/WinPcap and have it be the one that {tcpdump, Wireshark, whatever} uses), you can set the capture filter to "foo" and capture "foo" packets.

You cannot do something in Wireshark for that.