Wireshark-dev: [Wireshark-dev] Dynamic capture filter?
From: Eirik Seim <[email protected]>
Date: Mon, 15 Oct 2007 23:01:30 +0200
Not sure if this has been discussed before, a quick search suggests not
(unless other terminology has been used...).

What I would love to see is beeing able to dynamically modify the
capture filter while capturing. As far as I have tested 0.99.6, it
seemingly allows me to edit the capture filter while capturing, but does
not seem to store nor apply it.

A typical situation where this feature might be useful;

- doing a network analysis in environments with high network load, I'd
be able to disregard for example all ARP-traffic once I've eliminated
ARPs as a potential troublemaker.

I've heard Microsoft Network Monitor has such a feature. But from the
little pcap-programming I've done, I've got a feeling it might not be
just a short diff... Comments?


rgds,
- Eirik