Wireshark · Wireshark-users: [Wireshark-users] dumpcap and bpf assembler

Wireshark-users: [Wireshark-users] dumpcap and bpf assembler

From: Richard Stearn <richard@xxxxxxxxxxxxxxxxxxxxxx>

Date: Tue, 26 May 2015 21:21:52 +0100

Is there a way of handing dumpcap a BPF assembler file rather than a
libpcap expression?

I have RTFM'd, googled and not found an answer.

Of course my reading ability and googlefu could be well broken :-)

Why, because I wish to filter on the protocol the network interface
currently believes the packet to be (skb->protocol), rather than what
the interface says it is and I have not found a libpcap expression that
achieves that.

--
Regards
	Richard

Follow-Ups:
- Re: [Wireshark-users] dumpcap and bpf assembler
  - From: Sake Blok

Prev by Date: [Wireshark-users] SSL Decryption: "wrong pre_master_secret length"
Next by Date: Re: [Wireshark-users] dumpcap and bpf assembler
Previous by thread: [Wireshark-users] SSL Decryption: "wrong pre_master_secret length"
Next by thread: Re: [Wireshark-users] dumpcap and bpf assembler
Index(es):
- Date
- Thread