Wireshark mailing list archives
Re: Are Capture Filters Implemented in Software or the Network Card?
From: Guy Harris <gharris () sonic net>
Date: Sun, 21 Nov 2021 11:41:24 -0800
On Nov 21, 2021, at 11:06 AM, Guy Harris <gharris () sonic net> wrote:
In the capture mechanisms in most UN*Xes (*BSD, macOS, Linux, Solaris, AIX, and Tru64 UNIX), and in the capture mechanism provided by the WinPcap and Npcap drivers, all packets received by an interface on which capturing is being done are delivered to the capture mechanism in the kernel. That capture mechanism applies the filter, and only packets that pass the filter are put in a buffer to be delivered to user mode. The libpcap user-mode code then just sees only the packets that pass the filter, and provides those packets to the program using it, such as tcpdump or dumpcap. In the case of dumpcap, it writes batches of packets to a capture file as they arrive, and notifies Wireshark or TShark that a batch of packets has arrived.
Solaris *11* - in previous versions, and in HP-UX, the capturing mechanism supports filtering, but it's an incompatible filtering mechanism that's not capable of supporting all the capabilities of the filtering mechanism used in the other OSes, and libpcap doesn't try to use it. (And in IRIX, there is an even more limited filtering mechanism, which libpcap doesn't support.) ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Are Capture Filters Implemented in Software or the Network Card? X Q (Nov 21)
- Re: Are Capture Filters Implemented in Software or the Network Card? Gene Cumm (Nov 21)
- Re: Are Capture Filters Implemented in Software or the Network Card? Nicolás Alvarez (Nov 21)
- Re: Are Capture Filters Implemented in Software or the Network Card? Guy Harris (Nov 21)
- Re: Are Capture Filters Implemented in Software or the Network Card? Graham Bloice (Nov 21)
- Re: Are Capture Filters Implemented in Software or the Network Card? Guy Harris (Nov 21)
- Re: Are Capture Filters Implemented in Software or the Network Card? Gene Cumm (Nov 21)
- Re: Are Capture Filters Implemented in Software or the Network Card? Guy Harris (Nov 21)