Wireshark-users: Re: [Wireshark-users] Need help with capture filters

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 23 Jan 2009 11:49:09 -0800

On Jan 23, 2009, at 11:31 AM, matt roberts wrote:

This is 1.0.0.

To what does "this" refer? "tshark -v" prints, for me, a whole bunch of numbers:

	$ tshark -v
	TShark 1.1.2 (SVN Rev 26671)

	Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

	Compiled with GLib 2.16.4, with libpcap 0.9.5, with libz 1.2.3, without POSIX capabilities, with libpcre 7.8, with SMI 0.4.8, without c-ares, without ADNS, with Lua 5.1, with GnuTLS 2.6.0, with Gcrypt 1.4.3, with MIT Kerberos, with GeoIP.

	Running on Darwin 9.6.0 (MacOS 10.5.6), with libpcap version 0.9.5.

	Built using gcc 4.0.1 (Apple Inc. build 5465).

and the number I care about isn't the one following "Wireshark" or "TShark", it's the one following "with libpcap", as it's libpcap that compiles capture filters into BPF code and either interprets them or hands them to the kernel.
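
Added example, not part of the original message: a POSIX shell function that pulls the two libpcap figures (the "Compiled with" one and the "Running on" one) out of `tshark -v` output, so the right number can be quoted when reporting a capture-filter problem. The names `libpcap_versions` and `sample_output` are assumptions of this example; the sample input is the output quoted in the message above.

```shell
#!/bin/sh
# Added example (not from the original message): report which libpcap a
# tshark build was compiled against and which one it is running with.

# Reads `tshark -v` text on stdin, prints "compiled=<ver> running=<ver>".
# A field is "unknown" when the output does not carry that version.
libpcap_versions() {
    # The version paragraphs wrap mid-phrase, so flatten all whitespace first.
    flat=$(tr '\n\t' '  ' | tr -s ' ')
    # Build-time form: "with libpcap <ver>" (a digit follows directly).
    compiled=$(printf '%s\n' "$flat" |
        sed -n 's/.*with libpcap \([0-9][0-9.]*[0-9]\).*/\1/p')
    # Run-time form: "with libpcap version <ver>".
    running=$(printf '%s\n' "$flat" |
        sed -n 's/.*with libpcap version \([0-9][0-9.]*[0-9]\).*/\1/p')
    printf 'compiled=%s running=%s\n' "${compiled:-unknown}" "${running:-unknown}"
}

# Sample input: the output quoted in the message above, with the line wrap
# after "with" kept to exercise the flattening step.
sample_output() {
    cat <<'EOF'
TShark 1.1.2 (SVN Rev 26671)

Compiled with GLib 2.16.4, with libpcap 0.9.5, with libz 1.2.3, without POSIX capabilities, with libpcre 7.8, with SMI 0.4.8, without c-ares, without ADNS, with Lua 5.1, with GnuTLS 2.6.0, with Gcrypt 1.4.3, with MIT Kerberos, with
GeoIP.

Running on Darwin 9.6.0 (MacOS 10.5.6), with libpcap version 0.9.5.

Built using gcc 4.0.1 (Apple Inc. build 5465).
EOF
}

sample_output | libpcap_versions
# On a live system: tshark -v | libpcap_versions
```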