Ethereal

Re: [Ethereal-users] http content capture filter
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-users: February 2005

 

NOEL, ANDRE wrote:

Is there any way to do a capture filter based on the HTTP data content ? I want to capture Every packet that contains the word CONNECT.

There's no general "string match" instruction in the BPF pseudo-machine used for capture filters, nor are there any backwards branches in the BPF pseudo-machines in various OS kernels (so that you can't load a pseudo-program that can loop infinitely), so there's no way to look for CONNECT at any arbitrary offset in the packet.

You can look for it at a *specific* offset in the packet, although it's not easy to construct the expression:

	http://home.insight.rr.com/procana/#Payload

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.