Wireshark mailing list archives

Re: filter packets


From: Guy Harris <guy () alum mit edu>
Date: Wed, 15 May 2013 15:54:37 -0700


On May 15, 2013, at 3:19 PM, Ahmed Elshaer <a.n.elshaer () gmail com> wrote:

Can I filter packets that contain a specific text string? I just
want to capture the packets that contain that string, not any other
string,

Unfortunately, the filtering that can be done with BPF (which is what tcpdump and Wireshark use for capture filtering) 
is limited in what it can do (by design - it's done by running an interpreted or JIT-compiled program in the kernel, 
and, to prevent infinite loops being run in the kernel, loops are not allowed, and there is no "search for a string" 
instruction).

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
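
An added example, not part of the original message or of Wireshark's code: the contrast between what a capture filter can express (a comparison at one known offset, as in the pcap-filter expression `ether[54:4] = 0x47455420` for "GET ") and a string search anywhere in the packet, done in userspace after capture. The pcap bytes, the 54-byte header stand-in and all function names are constructed for illustration.

```python
import struct

MAGIC = 0xA1B2C3D4                       # classic pcap, microsecond timestamps
GLOBAL_HDR = struct.Struct("<IHHiIII")   # magic, version, zone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")      # ts_sec, ts_usec, incl_len, orig_len

def build_pcap(packets):
    """Serialize raw packets into a little-endian pcap byte string."""
    out = bytearray(GLOBAL_HDR.pack(MAGIC, 2, 4, 0, 0, 65535, 1))
    for i, pkt in enumerate(packets):
        out += RECORD_HDR.pack(i, 0, len(pkt), len(pkt)) + pkt
    return bytes(out)

def iter_records(data):
    """Yield (raw_record, packet_bytes) for each complete record in a pcap."""
    if len(data) < GLOBAL_HDR.size or GLOBAL_HDR.unpack_from(data)[0] != MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    pos = GLOBAL_HDR.size
    while pos + RECORD_HDR.size <= len(data):
        incl_len = RECORD_HDR.unpack_from(data, pos)[2]
        end = pos + RECORD_HDR.size + incl_len
        if end > len(data):      # truncated final record: stop cleanly
            return
        yield data[pos:end], data[pos + RECORD_HDR.size:end]
        pos = end

def fixed_offset_match(pkt, offset, word):
    """What a capture filter can express: compare bytes at one known offset."""
    return pkt[offset:offset + len(word)] == word

def filter_by_string(data, needle):
    """Userspace post-filter: keep records whose bytes contain needle anywhere."""
    out = bytearray(data[:GLOBAL_HDR.size])
    for raw, pkt in iter_records(data):
        if needle in pkt:
            out += raw
    return bytes(out)

# Constructed sample: 54 zero bytes stand in for Ethernet + IPv4 + TCP headers
# without options, followed by a made-up payload.
HDR = bytes(54)
SAMPLE = build_pcap([
    HDR + b"GET /?q=secret-token HTTP/1.1\r\n",
    HDR + b"GET /index.html HTTP/1.1\r\n",
    HDR + b"POST /a HTTP/1.1\r\n\r\nk=secret-token",
])

if __name__ == "__main__":
    kept = [p for _, p in iter_records(filter_by_string(SAMPLE, b"secret-token"))]
    print(len(kept), "of 3 packets contain the string")
    print([fixed_offset_match(p, 54, b"GET ") for _, p in iter_records(SAMPLE)])
```

The fixed-offset check only holds while the headers have the assumed length; IP or TCP options shift the payload, which is why the string search has to run outside the capture filter.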

