[Winpcap-users] capture filter complexity trade-off question
Greg Hauptmann
greg.hauptmann.ruby at gmail.com
Tue Aug 17 19:00:27 PDT 2010
Hi,
Any advice/guidance regarding pros/cons for the following options:
a) minimise the amount of packet matches by having a capture filter which
has several "or"s in it. Let's say a filter that is something like
"LocalHost and (ip 1 or ip 2 or ip3...ip10)", so say one "or" and 9
"and"s.
b) simple capture filter, and then programmatically filter in code for
all the matches (e.g. packet filter might include the localhost-only
filter, but not then try to filter out the 10 IPs)
I'm guessing that option (a) should be the more optimal way to go, but
wanted to double-check.
Thanks