Wireshark · Wireshark-dev: Re: [Wireshark-dev] How does wireshark filter packets

Wireshark-dev: Re: [Wireshark-dev] How does wireshark filter packets

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Tue, 29 Jan 2013 14:10:53 -0800

On Jan 29, 2013, at 1:39 PM, Wenfei Wu <wenfeiwu@xxxxxxxxxxx> wrote:

>   I want to know how wireshark use the filter expression to filter packets. Does it parse the packet first, and then use the filter expression to check? If so, is there some intermediate data structure to store the filter expression? What is the algorithm?
>   Is there some materials about this?

See my reply on the tcpdump-workers mailing list.

Follow-Ups:
- Re: [Wireshark-dev] How does wireshark filter packets
  - From: Guy Harris

References:
- [Wireshark-dev] How does wireshark filter packets
  - From: Wenfei Wu

Prev by Date: [Wireshark-dev] Wireshark 1.6.13 is now available
Next by Date: Re: [Wireshark-dev] How does wireshark filter packets
Previous by thread: [Wireshark-dev] How does wireshark filter packets
Next by thread: Re: [Wireshark-dev] How does wireshark filter packets
Index(es):
- Date
- Thread