Why is #Wireshark capture filter #language different from its display filter language ? “The capture filter language considers short and bounded runtime (no loops) to be paramount. Roughly, when you’re capturing, it’s important that your filters eat a limited amount of resources. The display filter language abandons the careful runtime limits in favour of being more powerful. You can go higher up in the stack, you can use regexes, etc. That’s acceptable because you’re usually doing it offline” - ▻https://news.ycombinator.com/item?id=9568728 #libpcap #sniffing