Re: Byte matching

[Matteo Pelliccia <matteo.pelliccia () gmail com>]

Hi Jeff,
thank you for your answear. I was looking at the code, for what I
understood the matching is held by the function dfvm_apply. Are there any
connection beetween the structure dfilter_t and the original pcap file? I
can print the value matched pretty easily.

Matteo


2014-05-27 22:39 GMT+02:00 Jeff Morriss <jeff.morriss.ws () gmail com>:

> On 05/26/14 04:07, Matteo Pelliccia wrote:
>
> > Hi to all,
> > maybe it's a silly question. Is it possibile to know what byte match in
> > display filter expression? For example if I have a pcap file with some
> > packet and I run tshark with -Y option I would like to know which bytes
> > match that expression, is it possibile?
>
> Unfortunately no, not today.  There's been some discussion of highlighting
> the field (if not the bytes) in the GUI (there's probably a bug requesting
> that) but this is the first time I've heard of it for tshark.
>
> ____________________________________________________________
> _______________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe