Wireshark-users: Re: [Wireshark-users] dumpcap and bpf assembler

From: Sake Blok <sake@xxxxxxxxxx>
Date: Thu, 28 May 2015 01:26:39 +0200

Hi Richard,

I think I misunderstood you then. I thought you were looking for a way to write some assembly/machine code for the BPF pseudo processor, which of course works only on the content of a packet (link layer data and upwards). I believe that anything the BPF engine can do can be accomplished by using a capture filter expression, but it can turn ugly :-)

Cheers,
Sake
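
An added example, not part of the message above and not Wireshark or libpcap code: a minimal classic BPF interpreter in C running a hand-written program that matches the same packets as the capture filter expression `icmp` on Ethernet, to show that the program's only input is the packet's bytes. The names `insn`, `bpf_run`, `icmp_filter` and `run_sample`, the four-opcode subset and the sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Classic BPF instruction, laid out like struct bpf_insn; opcode values are the standard cBPF ones. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
enum { LDH_ABS = 0x28, LDB_ABS = 0x30, JEQ_K = 0x15, RET_K = 0x06 };

/* Run prog over one packet and return the number of bytes to keep (0 = drop).
 * The only input is the packet itself, starting at the link-layer header. */
uint32_t bpf_run(const struct insn *prog, size_t n, const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;                                   /* accumulator */
    for (size_t pc = 0; pc < n; pc++) {
        const struct insn *i = &prog[pc];
        switch (i->code) {
        case LDH_ABS:                                 /* A = 16-bit big-endian load */
            if (len < 2 || i->k > len - 2) return 0;  /* load past packet end: drop */
            a = (uint32_t)pkt[i->k] << 8 | pkt[i->k + 1]; break;
        case LDB_ABS:                                 /* A = 8-bit load */
            if (i->k >= len) return 0;
            a = pkt[i->k]; break;
        case JEQ_K: pc += (a == i->k) ? i->jt : i->jf; break;  /* relative jump */
        case RET_K: return i->k;
        default:    return 0;                         /* opcode outside this subset */
        }
    }
    return 0;
}

/* Hand-written program matching the capture filter "icmp" on Ethernet. */
static const struct insn icmp_filter[] = {
    { LDH_ABS, 0, 0, 12 },      /* A = EtherType */
    { JEQ_K,   0, 3, 0x0800 },  /* not IPv4 -> drop */
    { LDB_ABS, 0, 0, 23 },      /* A = IPv4 protocol field */
    { JEQ_K,   0, 1, 1 },       /* not ICMP -> drop */
    { RET_K,   0, 0, 262144 },  /* accept, keep up to 262144 bytes */
    { RET_K,   0, 0, 0 },       /* drop */
};

/* Constructed sample frame: zeroed Ethernet + IPv4 headers with the two fields set. */
uint32_t run_sample(uint16_t ethertype, uint8_t proto)
{
    uint8_t pkt[34] = {0};
    pkt[12] = (uint8_t)(ethertype >> 8); pkt[13] = (uint8_t)ethertype; pkt[23] = proto;
    return bpf_run(icmp_filter, sizeof icmp_filter / sizeof icmp_filter[0], pkt, sizeof pkt);
}

int main(void) { return run_sample(0x0800, 1) == 262144 && run_sample(0x0800, 6) == 0 ? 0 : 1; }
```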