--- Comment #4 from Thiagarajan Hariharan <[email protected]>  2009-09-02 23:34:15 PDT ---
Created an attachment (id=3602)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3602)
Add start and stop filters to dumpcap

The patch contains changes to 4 source files.
I have tested dumpcap on Windows XP SP3 and linux.

I had already written the code to use pcap_offline_filter(). I didn't change it
to use bpf_filter() directly. One reason was to treat 'struct bpf_program' as a
opaque object in dumpcap - calling bpf_filter requires you to poke into this
structure. Another was to stick to using pcap_xxx() APIs. If others think
bpf_filter() should be used, this can be changed.

This feature has not been added to tshark & wireshark. For now it should be
easy enough to use dumpcap directly.

