On Fri, Feb 28, 2003 at 01:09:58PM -0500, Parks, Chauni wrote: > I recently created and installed an middleware dissector/plug-in. My > question is how can I filter on that protocol that I created? What would I > put the capture string.
The port number on which the traffic is running. Capture filters aren't implemented by Ethereal, they're implemented by libpcap, which is a separate piece of software that Ethereal (and tcpdump, and a number of other programs) use to do packet capturing. Capture filters are compiled into a pseudo-machine-language for a fairly simple machine; there are limits on the types of filtering that can be done with that machine. > It's listed in the display filters, preferences, > and add expression list as a protocol, That's because display filters are implemented by Ethereal, so it knows about your new protocol; libpcap doesn't know about it.
