Ethereal-users: Re: [Ethereal-users] searching for pattern in packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <gharris@xxxxxxxxx>
Date: Thu, 8 May 2003 12:35:46 -0700
On Thu, May 08, 2003 at 11:43:05AM -0700, Guy Harris wrote:
> For filtering a live capture, libpcap supports a similar filtering
> mechanism, albeit not so convenient to use:

...and not capable of conveniently testing stuff at the end of the
packet, although given that in

> 			     ... To access data  inside  the
> 			     packet, use the following syntax:
> 				  proto [ expr : size ]

"expr" can be an expression, it might be possible to construct an
expression to calculate the packet length minus the appropriate number
of bytes and test that.