Wireshark mailing list archives

Re: Display filter using wildcards

From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Fri, 07 Sep 2012 08:53:46 +0200

Hi,

Have a look in epan/dfilter/. There's the grammar.lemon and scanner.l(ex) thatdo the work.


Thanks,
Jaap

On 09/07/2012 04:55 AM, Ken Sarmago wrote:

Hi all,

I'm new to this list. First of all, kudos to all wireshark developers for a
great tool.

I've been trying to create a Display filter for address fields using wildcards '*'.
e.g.
of.match_dl_dst == 10:00:12:34:56:*
of.match_dl_dst == 10:00:12:34:*:*
of.match_dl_dst == 10:00:12:*:*:*
of.match_dl_dst == 10:00:*:*:*:*
of.match_dl_dst == 10:00:*:*:56:78

Has anyone done this before?

I know there are other filter expressions that can serve the same purpose, but
what if I really want to use wildcards '*'.

If I were to modify wireshark filter function, were will I start?

Thanks a lot in advance,
Ken


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

TCP experimental options Tom Harwood (Sep 06)
- Re: TCP experimental options Jaap Keuter (Sep 06)
- Display filter using wildcards Ken Sarmago (Sep 06)
  - Re: Display filter using wildcards Jaap Keuter (Sep 07)
    - Re: Display filter using wildcards Ken Sarmago (Sep 07)