Wireshark-bugs: [Wireshark-bugs] [Bug 3967] Add start and stop filter triggers to dumpcap
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3967
Thiagarajan Hariharan <harixxxx@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #3602| |review_for_checkin?
Flag| |
--- Comment #4 from Thiagarajan Hariharan <harixxxx@xxxxxxxxx> 2009-09-02 23:34:15 PDT ---
Created an attachment (id=3602)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3602)
Add start and stop filters to dumpcap
The patch contains changes to 4 source files.
I have tested dumpcap on Windows XP SP3 and linux.
I had already written the code to use pcap_offline_filter(). I didn't change it
to use bpf_filter() directly. One reason was to treat 'struct bpf_program' as a
opaque object in dumpcap - calling bpf_filter requires you to poke into this
structure. Another was to stick to using pcap_xxx() APIs. If others think
bpf_filter() should be used, this can be changed.
This feature has not been added to tshark & wireshark. For now it should be
easy enough to use dumpcap directly.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.