Yes, that's what I was looking for. Thank you.

Well, I am interested in using newly created expressions to filter packets
that are related. Indirectly, what I want is end-to-end host filtering (not
based on protocols).

Also

For example,
Suppose there is an ARP reply from a given host address. I also want
Wireshark to display the ARP request of that host only. So what I am
saying is that Wireshark should display only the ARP reply and the ARP request
of the particular host. It shouldn't display the previous ARP packets from
that host. Maybe like the last 2 packets - ARP reply and ARP request so
that those 2 packets can be monitored in detail.




*Ateeth Kumar Thirukkovulur*
*Research Assistant*
*College of Technology*
*UH ID:1267190*




On Sat, Apr 19, 2014 at 2:12 PM, Guy Harris <g...@alum.mit.edu> wrote:

>
> On Apr 19, 2014, at 11:58 AM, Ateeth Kumar Thirukkovulur <
> athirukkovu...@uh.edu> wrote:
>
> > Not exactly.
> >
> > Suppose I want to include a NOT operator in the display filter. Say "!
> > tcp". Which code must I change? I know it already exists. Where do I
> > include the symbols and expressions for newly added terms?
> >
> > Do you get what I am saying?
>
> No, not really.
>
> If you mean "how do I support new operators in packet-matching
> expressions", you'd:
>
>         change epan/dfilter/scanner.l to add the new operator as a
> lexical-analyzer token;
>
>         change epan/dfilter/grammar.lemon to handle that token as part of
> the grammar, translating them into new "instructions" in the "display
> filter virtual machine";
>
>         change epan/dfilter/dfvm.c to support those new "instructions".
>
> If you mean "how do I support some particular *type* of new operators",
> you'd need to tell us what those new operators are and what semantics they
> have, so we can indicate what *particular* changes would be needed to those
> files.
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives:    http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
>
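The three steps listed in the quoted reply (scanner token, grammar rule, VM instruction), modelled end to end for a NOT operator. This is an added example, not Wireshark's code and not from either poster: the token names, the instruction names `EXISTS`/`NOT`/`AND`, and the stack machine are hypothetical simplifications, and the sample packets are constructed.

```python
import re
# Stage 1, the job scanner.l does: split filter text into tokens.
TOKEN_RE = re.compile(r"\s*(?:(!|not\b)|(&&|and\b)|(\()|(\))|([a-z][a-z0-9_.]*))")
KINDS = ("NOT", "AND", "LPAREN", "RPAREN", "FIELD")
def scan(text):
    text, tokens, pos = text.rstrip(), [], 0
    while pos < len(text):
        m = TOKEN_RE.match(text, pos)
        if not m:
            raise SyntaxError(f"unexpected input at offset {pos}")
        tokens.append((KINDS[m.lastindex - 1], m.group(m.lastindex)))
        pos = m.end()
    return tokens + [("END", "")]

# Stage 2, the job grammar.lemon does: tokens -> VM instructions (NOT binds tighter than AND).
def compile_filter(text):
    tokens, code, pos = scan(text), [], 0
    def take(kind):
        nonlocal pos
        if tokens[pos][0] != kind:
            raise SyntaxError(f"expected {kind}, got {tokens[pos][0]}")
        pos += 1
        return tokens[pos - 1][1]
    def unary():
        if tokens[pos][0] == "NOT":
            take("NOT"); unary(); code.append(("NOT",))
        elif tokens[pos][0] == "LPAREN":
            take("LPAREN"); expr(); take("RPAREN")
        else:
            code.append(("EXISTS", take("FIELD")))
    def expr():
        unary()
        while tokens[pos][0] == "AND":
            take("AND"); unary(); code.append(("AND",))
    expr(); take("END")
    return code

# Stage 3, the job dfvm.c does: execute the instructions against one packet.
def run(code, packet_fields):
    stack = []
    for op, *args in code:
        if op == "EXISTS":
            stack.append(args[0] in packet_fields)
        elif op == "NOT":
            stack.append(not stack.pop())
        elif op == "AND":
            stack[-2:] = [stack[-2] and stack[-1]]
    return stack.pop()

ARP_PKT, TCP_PKT = {"eth", "arp"}, {"eth", "ip", "tcp"}  # constructed sample packets
```

Adding another operator to this model touches the same three places: a new alternative in `TOKEN_RE`, a new branch in the parser, and a new case in `run`.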