Wireshark · Ethereal-dev: [Ethereal-dev] Display filter working

Ethereal-dev: [Ethereal-dev] Display filter working

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Soft Boy <etherealfilter@xxxxxxxxx>

Date: Wed, 10 Mar 2004 09:37:04 -0800 (PST)

Hi All,

I have a requirement to filter packets stored in plain buffers. What I need is a good filter syntax and its parser (which ethereal display filters have) and a way to match filters to packets stored in byte stream array.

Can I use ethereal display filters directly to do this using any command apart from the GUI ? OR if this is not possible.. Can I use any of the display filter APIs in ethereal code and write my own main function to remove capture filter capability and other unncessary stuff OR Can I extract the display filter parsing and matching code with little efforts and write my own application ??

Is the display filtering done using BPF program like pcap_compile prepares for capture filters ?? OR does it have any other mechanism to do this ?? Where can I find more information about it ? Is there any thread/document which describes this mechanism ??

thanks and warm regards,

Soft Boy

Do you Yahoo!?
Yahoo! Search - Find what youï¿½re looking for faster.

Follow-Ups:
- Re: [Ethereal-dev] Display filter working
  - From: Gilbert Ramirez

Prev by Date: [Ethereal-dev] Sniffer .cap packet times are still incorrect.
Next by Date: Re: [Ethereal-dev] Sniffer .cap packet times are still incorrect.
Previous by thread: Re: [Ethereal-dev] Sniffer .cap packet times are still incorrect.
Next by thread: Re: [Ethereal-dev] Display filter working
Index(es):
- Date
- Thread