Ethereal-users: Re: [Ethereal-users] http content capture filter

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "GRL" <giovrell@xxxxxx>
Date: Wed, 9 Feb 2005 22:55:14 +0100
Will it be the possibility of the string match in the future?

----- Original Message ----- 
From: "Guy Harris" <gharris@xxxxxxxxx>
To: "Ethereal user support" <ethereal-users@xxxxxxxxxxxx>
Sent: Tuesday, February 08, 2005 9:07 PM
Subject: Re: [Ethereal-users] http content capture filter


> NOEL, ANDRE wrote:
>
> > Is there any way to do a capture filter based on the HTTP data content ?
> >  I want to capture Every packet that contains  the word   CONNECT.
>
> There's no general "string match" instruction in the BPF pseudo-machine
> used for capture filters, nor are there any backwards branches in the
> BPF pseudo-machines in various OS kernels (so that you can't load a
> pseudo-program that can loop infinitely), so there's no way to look for
> CONNECT at any arbitrary offset in the packet.
>
> You can look for it at a *specific* offset in the packet, although it's
> not easy to construct the expression:
>
> http://home.insight.rr.com/procana/#Payload
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users
>
>
> -- 
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.0.300 / Virus Database: 265.8.6 - Release Date: 07/02/2005
>
>




-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 265.8.6 - Release Date: 07/02/2005