
Is there any support beyond a plain "text" input when it comes to capture filters that does the syntax check like Wireshark's integrated UI does?

You can use dumpcap with the -d option to, "Dump the code generated for the capture filter in a human-readable form, and exit."

For example, on Windows:

  1. A valid capture filter:
    dumpcap.exe -f "icmp" -d 2>&1 | find "Invalid" > nul
    echo %errorlevel%
    1
  2. An invalid capture filter:
    dumpcap.exe -f "foo" -d 2>&1 | find "Invalid" > nul
    echo %errorlevel%
    0

On Linux:

  1. A valid capture filter:
    dumpcap -f "icmp" -d 2>&1 | grep "Invalid" > /dev/null
    echo $?
    1
  2. An invalid capture filter:
    dumpcap -f "foo" -d 2>&1 | grep "Invalid" > /dev/null
    echo $?
    0

I don't know how well that solution could be integrated with your extcap though.
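
An added example, not part of the original answer: a POSIX shell wrapper around the same `dumpcap -f ... -d` check that returns 0 for a valid filter and separates "filter rejected" from "check could not run", since a missing binary also prints no "Invalid" text. The function name, the return codes and the `DUMPCAP` override are assumptions of this example, as is dumpcap exiting non-zero when it cannot perform the check.

```shell
#!/bin/sh
# check_capture_filter FILTER [INTERFACE]
# Returns 0 = filter accepted, 1 = filter rejected ("Invalid" in the output),
#         2 = check could not run (dumpcap missing, or it failed for another reason).
# DUMPCAP is a hypothetical override for the binary name or path.
check_capture_filter() {
    filter=$1
    iface=${2:-}
    dumpcap_bin=${DUMPCAP:-dumpcap}

    # A missing binary prints no "Invalid" text, so a grep-only test
    # would report every filter as valid. Treat it as "could not run".
    command -v "$dumpcap_bin" >/dev/null 2>&1 || return 2

    # The filter is passed as one quoted argument, never through eval.
    set -- -f "$filter" -d
    if [ -n "$iface" ]; then
        set -- -i "$iface" "$@"
    fi

    status=0
    output=$("$dumpcap_bin" "$@" 2>&1) || status=$?

    case $output in
        *Invalid*) return 1 ;;
    esac

    # Assumption: dumpcap exits non-zero when it could not perform the check.
    [ "$status" -eq 0 ] || return 2
    return 0
}
```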