 | 1 | initial version |
Is there any support beyond a plain "text" input when it comes to capture filters that does the syntax check like Wireshark's integrated UI does?
You can use dumpcap with the -d option to, "Dump the code generated for the capture filter in a human-readable form, and exit."
For example, on Windows:
dumpcap.exe -f "icmp" -d 2>&1 | find "Invalid" > nul
echo %errorlevel%
1
dumpcap.exe -f "foo" -d 2>&1 | find "Invalid" > nul
echo %errorlevel%
0
On Linux:
dumpcap -f "icmp" -d 2>&1 | grep "Invalid" > /dev/null
echo $?
1
dumpcap -f "foo" -d 2>&1 | grep "Invalid" > /dev/null
echo $?
0
I don't know how well that solution could be integrated with your extcap though.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.