I am attempting to generate a WinPcap filter from a configuration UI. Right now I have a filter string that looks like this ip && (((ip.src == 10.10.10.10 && (tcp.port == 10 || udp.port == 10)) && (ip.dst == 20.20.20.20 && (tcp.port == 20 || udp.port == 20)))). This filter is valid when I enter it into Wireshark, but when I attempt to compile it via WinPcap I get a syntax error. I have compiled a simple filter (ip and tcp) without an issue, so I know it has something to do with this filter string. Any ideas?
You might need to specify the protocol instead of just putting ip. For example
So the filter option you are using conforms to the Wireshark syntax. You’ll need to use the BPF format for capturing data to be able to switch back and forth between Wireshark and WinPcap. You can test out your filters using the ‘Capture Options’ on the specific interface you wish to collect on.
Your Wireshark filter would be translated to the following BPF code:
See the FilterCaptures section in Wireshark and Filter expression syntax on WinPcap's page for more details.
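A sketch of the display-filter-to-BPF translation this answer describes, written as an added example (it is not code from the question or the answers). The field mapping table is an assumed subset chosen for this example; anything outside it is rejected rather than passed through to the capture-filter compiler, and addresses and ports are validated because the values come from a configuration UI.

```python
import ipaddress
import re

# Display-filter fields this sketch can express as BPF primitives (assumed subset).
FIELD_TO_BPF = {
    "ip.src": "src host", "ip.dst": "dst host", "ip.addr": "host",
    "tcp.port": "tcp port", "udp.port": "udp port", "tcp.srcport": "tcp src port",
    "tcp.dstport": "tcp dst port", "udp.srcport": "udp src port", "udp.dstport": "udp dst port",
}
LOGIC = {"&&": "and", "||": "or", "!": "not", "and": "and", "or": "or", "not": "not"}
BARE_PROTOCOLS = {"ip", "tcp", "udp", "icmp", "arp"}
TOKEN = re.compile(r"""
    (?P<field>[a-z0-9.]+)\s*==\s*(?P<value>[0-9.]+)   # comparison: field == value
  | (?P<paren>[()])
  | (?P<logic>&&|\|\||!)
  | (?P<word>[a-z0-9]+)                               # bare protocol or and/or/not
  | (?P<ws>\s+)
""", re.VERBOSE)

def display_to_bpf(expr: str) -> str:
    """Translate a small Wireshark display-filter subset to a BPF capture filter."""
    out, pos = [], 0
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if m is None:
            raise ValueError(f"unsupported syntax at offset {pos}: {expr[pos:pos + 15]!r}")
        pos = m.end()
        if m["ws"]:
            continue
        if m["field"]:
            field, value = m["field"], m["value"]
            if field not in FIELD_TO_BPF:
                raise ValueError(f"no BPF mapping for field {field!r}")
            if field.startswith("ip."):
                ipaddress.IPv4Address(value)          # raises ValueError if malformed
            elif not (value.isdigit() and int(value) <= 65535):
                raise ValueError(f"bad port {value!r}")
            out.append(f"{FIELD_TO_BPF[field]} {value}")
        elif m["paren"] or m["logic"]:
            out.append(LOGIC.get(m[0], m[0]))
        elif m["word"] in LOGIC or m["word"] in BARE_PROTOCOLS:
            out.append(LOGIC.get(m["word"], m["word"]))
        else:
            raise ValueError(f"unsupported token {m['word']!r}")
    return " ".join(out).replace("( ", "(").replace(" )", ")")

QUESTION_FILTER = ("ip && (((ip.src == 10.10.10.10 && (tcp.port == 10 || udp.port == 10)) && "
                   "(ip.dst == 20.20.20.20 && (tcp.port == 20 || udp.port == 20))))")
print(display_to_bpf(QUESTION_FILTER))
```

The returned string is what would be handed to the capture-filter compiler in place of the display filter.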