Thanks for the response. I'll take a look at that. Is there a way to save just my protocol packets?
Greg

---- Guy Harris <[email protected]> wrote:

=============
On Apr 24, 2009, at 3:13 PM, [email protected] wrote:

> I want to be able to use my custom protocol as a capture filter, how
> do I do this?

Capture filters are implemented by libpcap/WinPcap, not Wireshark, and are limited in their capabilities, as they are implemented by a simple mechanism designed to be capable of being implemented safely in the kernel (so that packets can be filtered out in the kernel and not copied to user space if they don't pass the filter; see http://www.tcpdump.org/papers/bpf-usenix93.pdf for the rationale behind BPF).

See the "expression" section of http://www.tcpdump.org/tcpdump_man.html for a full and complete description of what you can do with capture filters. Unless you can express your desired capture filter in terms of things such as TCP or UDP port numbers, or expressions that might be able to look at the TCP or UDP payload, you cannot create a filter to try to capture only traffic for your protocol.

___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev
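
As an added illustration (not part of the original thread), the sketch below shows in userspace what a capture filter built from a port number and a payload comparison checks, using the pcap expression `udp dst port 9000 and udp[8:2] = 0xabcd` as the model. The port 9000, the two-byte magic value 0xABCD, the function names and the sample frames are all assumptions constructed for the example.

```python
import struct

PORT, MAGIC = 9000, 0xABCD  # hypothetical values for a custom protocol

def matches_custom_proto(frame: bytes, port: int = PORT, magic: int = MAGIC) -> bool:
    """Same fixed-offset tests as: udp dst port <port> and udp[8:2] = <magic>."""
    if len(frame) < 14 + 20:
        return False
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:     # EtherType: IPv4 only
        return False
    ip = 14
    ihl = (frame[ip] & 0x0F) * 4                             # IP header length varies
    if frame[ip] >> 4 != 4 or ihl < 20 or frame[ip + 9] != 17:  # version, IHL, UDP
        return False
    if struct.unpack_from("!H", frame, ip + 6)[0] & 0x1FFF:  # later fragment: no UDP header
        return False
    udp = ip + ihl
    if len(frame) < udp + 10:                                # need header + 2 payload bytes
        return False
    dport = struct.unpack_from("!H", frame, udp + 2)[0]
    first2 = struct.unpack_from("!H", frame, udp + 8)[0]     # udp[8:2]: first payload bytes
    return dport == port and first2 == magic

def build_frame(dport: int, payload: bytes, ip_options: bytes = b"") -> bytes:
    """Constructed Ethernet/IPv4/UDP sample frame (checksums left at zero)."""
    ihl = 5 + len(ip_options) // 4
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + len(udp), 0, 0,
                     64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + ip_options + udp

if __name__ == "__main__":
    samples = {
        "custom protocol": build_frame(9000, b"\xab\xcd\x01hello"),
        "same port, other payload": build_frame(9000, b"GET / HTTP/1.1"),
        "other port, same magic": build_frame(53, b"\xab\xcd\x01hello"),
        "custom protocol with IP options": build_frame(9000, b"\xab\xcd", b"\x01" * 4),
    }
    for name, frame in samples.items():
        print(f"{name}: {matches_custom_proto(frame)}")
```

The filter only compares bytes at fixed offsets, so it has no knowledge of a dissector's protocol name; any traffic that happens to carry the same port and leading bytes also passes.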
