[Winpcap-users] filter packets contains text

Guy Harris guy at alum.mit.edu
Wed May 15 16:13:32 PDT 2013


On May 15, 2013, at 3:21 PM, Ahmed Elshaer <a.n.elshaer at gmail.com> wrote:

> Can I filter packets that contain a specific text string? I just
> want to capture the packets that contain that string, not any other
> string. If this can be done, please give me an example; if it can't, could
> you please tell me any other way to do it?

Unfortunately, the filtering that can be done with BPF (which is what tcpdump and Wireshark use for capture filtering) is limited in what it can do (by design - it's done by running an interpreted or JIT-compiled program in the kernel, and, to prevent infinite loops being run in the kernel, loops are not allowed, and there is no "search for a string" instruction).
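
Given the BPF limitation described above, one way to match a string is to search each captured packet's payload in user space. This is an added example, not part of the original message and not WinPcap code; the function names and the sample frame are constructed for illustration, and it assumes Ethernet II / IPv4 / TCP framing.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Return 1 if needle occurs in the TCP payload of an Ethernet II / IPv4
 * frame, else 0. Call it on each captured packet, after any coarse BPF
 * capture filter (e.g. "tcp"), with the captured length as caplen. */
int tcp_payload_contains(const uint8_t *pkt, size_t caplen, const char *needle)
{
    size_t nlen = strlen(needle);
    if (nlen == 0 || caplen < 14 + 20) return 0;
    if (pkt[12] != 0x08 || pkt[13] != 0x00) return 0;       /* EtherType IPv4 */
    const uint8_t *ip = pkt + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;                /* IP header length */
    size_t total = ((size_t)ip[2] << 8) | ip[3];            /* IP total length */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return 0;   /* need TCP */
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0) return 0;     /* later fragment */
    size_t end = 14 + total < caplen ? 14 + total : caplen; /* drop padding */
    if (end < 14 + ihl + 20) return 0;
    const uint8_t *tcp = ip + ihl;
    size_t thl = (size_t)(tcp[12] >> 4) * 4;                /* TCP data offset */
    if (thl < 20 || end < 14 + ihl + thl) return 0;
    const uint8_t *data = tcp + thl;
    size_t dlen = end - 14 - ihl - thl;
    /* The scan over every payload offset that a BPF program cannot express. */
    for (size_t i = 0; i + nlen <= dlen; i++)
        if (memcmp(data + i, needle, nlen) == 0) return 1;
    return 0;
}

/* Constructed sample: wrap payload in minimal Ethernet/IPv4/TCP headers
 * (addresses, ports and checksums left zero) and run the check on it. */
int sample_frame_contains(const char *payload, const char *needle)
{
    uint8_t f[54 + 256 + 6] = {0};
    size_t plen = strlen(payload);
    if (plen > 256) return -1;
    f[12] = 0x08;                           /* EtherType 0x0800 */
    f[14] = 0x45;                           /* IPv4, IHL 5 */
    f[16] = (uint8_t)((40 + plen) >> 8);    /* IP total length, high byte */
    f[17] = (uint8_t)((40 + plen) & 0xff);  /* IP total length, low byte */
    f[23] = 6;                              /* protocol TCP */
    f[46] = 0x50;                           /* TCP data offset 5 */
    memcpy(f + 54, payload, plen);
    /* 6 extra zero bytes mimic Ethernet padding after the IP datagram */
    return tcp_payload_contains(f, 54 + plen + 6, needle);
}
```

A string split across two TCP segments is not matched by this per-packet check; that case needs stream reassembly before searching.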


