Wireshark mailing list archives

Re: How does wireshark filter packets

From: Guy Harris <guy () alum mit edu>
Date: Tue, 29 Jan 2013 14:10:53 -0800


On Jan 29, 2013, at 1:39 PM, Wenfei Wu <wenfeiwu () cs wisc edu> wrote:

  I want to know how wireshark use the filter expression to filter packets. Does it parse the packet first, and then 
use the filter expression to check? If so, is there some intermediate data structure to store the filter expression? 
What is the algorithm?
  Is there some materials about this?


See my reply on the tcpdump-workers mailing list.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

How does wireshark filter packets Wenfei Wu (Jan 29)
- Re: How does wireshark filter packets Guy Harris (Jan 29)
  - Re: How does wireshark filter packets Guy Harris (Jan 29)
    - Re: How does wireshark filter packets Jeff Morriss (Jan 29)