On Mar 11, 2014, at 10:48 PM, Nilesh Nayak <nileshna...@gmail.com> wrote:
> But if I set the capture filter as "foo", then I should be able to capture
> "foo" packets.
No.
If you modify the grammar.y, scanner.l, and gencode.c files in the
libpcap/WinPcap source so that it supports a capture filter of "foo", and
matches your packets, and you build {tcpdump, Wireshark, whatever} with that
version of libpcap/WinPcap (or, if it's a dynamic/shared library, install that
version of libpcap/WinPcap and have it be the one that {tcpdump, Wireshark,
whatever} uses), you can set the capture filter to "foo" and capture "foo"
packets.
You cannot do something in Wireshark for that.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
