Hi,

Still, I would prefer to be able to define it in the capture filter. I understand that it is not possible and I will go with the display filter.

Many thanks.

---
Connexim, a limited partnership of Bell Canada
André Noël - Network capacity and performance
671, De la Gauchetière Ouest
Bureau 744
Montréal, Qc H3B 2M8
Tel.: 514-870-0496
E-mail: andre.noel@xxxxxxxxxxx

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-bounces@xxxxxxxxxxxx] On behalf of Guy Harris
Sent: 8 February 2005 15:07
To: Ethereal user support
Subject: Re: [Ethereal-users] http content capture filter

NOEL, ANDRE wrote:

> Is there any way to do a capture filter based on the HTTP data content?
> I want to capture every packet that contains the word CONNECT.

There's no general "string match" instruction in the BPF pseudo-machine used for capture filters, nor are there any backwards branches in the BPF pseudo-machines in various OS kernels (so that you can't load a pseudo-program that can loop infinitely), so there's no way to look for CONNECT at any arbitrary offset in the packet.

You can look for it at a *specific* offset in the packet, although it's not easy to construct the expression:

http://home.insight.rr.com/procana/#Payload

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
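
Added example, not part of the original thread: the fixed-offset match described in the reply above, as a small builder that emits a libpcap capture filter for a token at the first byte of the TCP payload, plus a reference check of the same comparisons. The function names and the constructed test segments are assumptions of this example.

```python
# Added example: capture filter for an ASCII token at the start of the TCP
# payload. libpcap's tcp[...] indexing applies to IPv4 packets only.
import struct

# TCP data offset is the high nibble of header byte 12, counted in 32-bit
# words; (x & 0xf0) >> 2 converts it to a byte offset of the payload.
PAYLOAD_OFF = "((tcp[12:1] & 0xf0) >> 2)"

def chunks(token: bytes):
    """Yield (position, size) pieces of 4, 2 or 1 bytes: the only load
    widths BPF offers, so a 7-byte token needs three comparisons."""
    pos = 0
    while pos < len(token):
        size = next(s for s in (4, 2, 1) if s <= len(token) - pos)
        yield pos, size
        pos += size

def payload_prefix_filter(token: bytes) -> str:
    """Return a filter expression true when the TCP payload starts with token."""
    terms = []
    for pos, size in chunks(token):
        value = int.from_bytes(token[pos:pos + size], "big")
        offset = PAYLOAD_OFF if pos == 0 else f"{PAYLOAD_OFF} + {pos}"
        terms.append(f"tcp[{offset}:{size}] = 0x{value:0{size * 2}x}")
    return " and ".join(terms)

def matches(segment: bytes, token: bytes) -> bool:
    """Evaluate the same comparisons on a raw TCP segment (header + payload)."""
    start = (segment[12] & 0xF0) >> 2
    return all(segment[start + p:start + p + s] == token[p:p + s]
               for p, s in chunks(token))

def tcp_segment(payload: bytes, options: bytes = b"") -> bytes:
    """Constructed test segment: 20-byte header, options (multiple of 4), payload."""
    data_off = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", 49152, 8080, 1, 1,
                         data_off << 4, 0x18, 65535, 0, 0)
    return header + options + payload

if __name__ == "__main__":
    print(payload_prefix_filter(b"CONNECT"))
```

The expression follows the TCP header length, so segments with options still match, but a CONNECT that appears anywhere other than the first payload byte is not captured; that case still needs the display filter.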