[pcap-ng-format] Request: IDB:if_filter: add support for the "Wireshark Display Filter"
Jose Pedro Oliveira
jpo at di.uminho.pt
Fri Jun 29 06:07:36 PDT 2012
Hi,
This is a request for adding a new filter type - "Wireshark Display
Filter" [1] - to the IDB:if_filter option.
----------
Block:
    IDB
Option:
    if_filter (option 11)
Summary:
    Register a new filter type for Wireshark's display filter [1].
More info:
    This would allow storing display filters in contexts where
    they are used as (offline) capture filters.
    The content of the display filter would be a string (similar
    to the libpcap filter contents).
Example:
    * tshark offline filtering operation using the Wiretap API:
      tshark -R <display filter> -r in.pcapng -w out.pcapng
----------
/jpo
[1] - Wireshark Display Filters
http://wiki.wireshark.org/DisplayFilters
--
José Pedro Oliveira
* mailto:jpo at di.uminho.pt *