Wireshark · Wireshark-dev: Re: [Wireshark-dev] tshark: drop features "dump to stdout" and "read filter"

Wireshark-dev: Re: [Wireshark-dev] tshark: drop features "dump to stdout" and "read filter"

From: Ulf Lamping <ulf.lamping@xxxxxx>

Date: Tue, 09 Oct 2007 09:35:21 +0200

Michael Tuexen schrieb:

What is a read filter?

A not so well known feature ;-)

Read filters are using the same syntax as display filters (and thereforethe whole complex filter engine), and drop packets "already in memory"before they are written to the capture file. That was possible in theold capturing mechanism, as it was build "all in one program".

With the current changes, dumpcap writes the capture file with acomplete absence of that complex filtering engine (well, that's in factthe privilege seperation!), so there's no chance to do that kind offiltering.

I think we should continue to support the
capture filters.

No question about that.

Regards, ULFL

Follow-Ups:
- Re: [Wireshark-dev] tshark: drop features "dump to stdout" and "read filter"
  - From: Michael Tuexen

References:
- [Wireshark-dev] tshark: drop features "dump to stdout" and "read filter"
  - From: Ulf Lamping
- Re: [Wireshark-dev] tshark: drop features "dump to stdout" and "read filter"
  - From: Michael Tuexen

Prev by Date: Re: [Wireshark-dev] tshark: drop features "dump to stdout" and "read filter"
Next by Date: [Wireshark-dev] asn1 changes: all buildbots are red ...
Previous by thread: Re: [Wireshark-dev] tshark: drop features "dump to stdout" and "read filter"
Next by thread: Re: [Wireshark-dev] tshark: drop features "dump to stdout" and "read filter"
Index(es):
- Date
- Thread