Wireshark mailing list archives
Re: Regarding display filter- how to redesign code to incorporate expressions other than protocols?
From: Ateeth Kumar Thirukkovulur <athirukkovulur () uh edu>
Date: Sun, 20 Apr 2014 19:40:41 -0500
Yes, that's what I was looking for. Thank you.

Well, I am interested in using newly created expressions to filter packets that are related. Indirectly, what I want is end-to-end host filtering (not based on protocols). Also, for example, suppose there is an ARP reply from a given host address. I also want Wireshark to display the ARP request of that host only. So what I am saying is that Wireshark should display only the ARP reply and the ARP request of the particular host. It shouldn't display the previous ARP packets from that host. Maybe like the last 2 packets - ARP reply and ARP request - so that those 2 packets can be monitored in detail.

*Ateeth Kumar Thirukkovulur*
*Research Assistant*
*College of Technology*
*UH ID:1267190*

On Sat, Apr 19, 2014 at 2:12 PM, Guy Harris <guy () alum mit edu> wrote:
> On Apr 19, 2014, at 11:58 AM, Ateeth Kumar Thirukkovulur <athirukkovulur () uh edu> wrote:
>
>> Not exactly. Suppose I want to include a NOT operator in the display filter. Say "!tcp". Which code must I change? I know it already exists. Where do I include the symbols and expressions for newly added terms?
>>
>> Do you get what I am saying?
>
> No, not really.
>
> If you mean "how do I support new operators in packet-matching expressions", you'd:
>
>     change epan/dfilter/scanner.l to add the new operator as a lexical-analyzer token;
>
>     change epan/dfilter/grammar.lemon to handle that token as part of the grammar, translating them into new "instructions" in the "display filter virtual machine";
>
>     change epan/dfilter/dfvm.c to support those new "instructions".
>
> If you mean "how do I support some particular *type* of new operators", you'd need to tell us what those new operators are and what semantics they have, so we can indicate what *particular* changes would be needed to those files.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
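The three-stage change described in the quoted reply (a scanner token, a grammar rule, a virtual-machine instruction), as an added toy model that is not part of the original thread and is not Wireshark code. The `nand` operator, the instruction names and the packet-as-a-set-of-protocol-names representation are all assumptions made for illustration.

```python
import re

# Stage 1, the scanner's job: turn text into tokens. NAND is the new token.
TOKEN_RE = re.compile(r"\s*(?:(!)|(&&|and\b)|(nand\b)|([a-z][a-z0-9_.]*))")
KINDS = ["NOT", "AND", "NAND", "FIELD"]

def scan(text):
    text, pos, tokens = text.rstrip(), 0, []
    while pos < len(text):
        m = TOKEN_RE.match(text, pos)
        if not m:
            raise SyntaxError(f"unexpected input at offset {pos}")
        tokens.append((KINDS[m.lastindex - 1], m.group(m.lastindex)))
        pos = m.end()
    return tokens

# Stage 2, the grammar's job: turn tokens into postfix VM instructions.
def compile_filter(text):
    tokens, code = scan(text), []
    def unary():
        kind, value = tokens.pop(0) if tokens else (None, None)
        if kind == "NOT":
            unary()
            code.append(("NOT",))
        elif kind == "FIELD":
            code.append(("EXISTS", value))
        else:
            raise SyntaxError("expected a field or '!'")
    unary()
    while tokens and tokens[0][0] in ("AND", "NAND"):  # rule that accepts the new token
        op = tokens.pop(0)[0]
        unary()
        code.append((op,))
    if tokens:
        raise SyntaxError(f"unexpected token {tokens[0][1]!r}")
    return code

# Stage 3, the VM's job: execute the instructions against one packet,
# modelled here as the set of protocol names it contains (an assumption).
def run(code, protocols):
    stack = []
    for op, *args in code:
        if op == "EXISTS":
            stack.append(args[0] in protocols)
        elif op == "NOT":
            stack.append(not stack.pop())
        else:  # AND, plus the new NAND instruction
            right, left = stack.pop(), stack.pop()
            stack.append((left and right) != (op == "NAND"))
    return stack.pop()
```

For a constructed packet such as `{"eth", "arp"}`, `run(compile_filter("!tcp"), {"eth", "arp"})` evaluates the filter. Removing `nand` from any one of the three stages makes the operator fail at that stage, which is why all three files have to change together.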
Current thread:
- Regarding display filter- how to redesign code to incorporate expressions other than protocols? Ateeth Kumar Thirukkovulur (Apr 18)
- Re: Regarding display filter- how to redesign code to incorporate expressions other than protocols? Guy Harris (Apr 18)
- Re: Regarding display filter- how to redesign code to incorporate expressions other than protocols? Ateeth Kumar Thirukkovulur (Apr 19)
- Re: Regarding display filter- how to redesign code to incorporate expressions other than protocols? Guy Harris (Apr 19)
- Re: Regarding display filter- how to redesign code to incorporate expressions other than protocols? Ateeth Kumar Thirukkovulur (Apr 20)
- Re: Regarding display filter- how to redesign code to incorporate expressions other than protocols? Ateeth Kumar Thirukkovulur (Apr 19)
- Re: Regarding display filter- how to redesign code to incorporate expressions other than protocols? Guy Harris (Apr 18)