Christopher Maynard

> Was the directory removed after reboot? I'm sorry I don't recall. I uninstalled it during Wireshark un-installation, and I don't think I rebooted afterwards. I think I may have...

Another one: 5. Ports already included within a port range should be optimized away. For example instructions 013, 014 and 015 are completely unnecessary, given the following capture filter: ```...

> Case 1 & 2 are becasue `ip6` itself adds a comparison of version, `[6]=6` adds another. I'm not aware of any optimization built into libpcap for the elimination of...

> We'd like to be able to filter packets on vlan 0xAAA coming from ip 127.127.127.127 as well as on vlan 0xBBB coming from 247.247.247.247. > > We use the...

Maybe it would be helpful to document "**proto** protocol" more similarly to how "**ip proto** protocol" is documented? And then instead of explicitly listing ah, esp, pim, sctp, tcp udp...

No, I was suggesting that it read more like `ip proto protocol` does, so something like: proto protocol True if the packet is an IPv4 or IPv6 packet of protocol...

Yes, that's the behaviour I'm seeing. But the documentation for `proto protocol` seems to imply that only ah, esp, pim, sctp, tcp or udp can be used when specifying the...

The keynote itself can still be found on YouTube though: https://www.youtube.com/watch?v=XHlqIqPvKw8

A possible work-around until a more robust solution is available: `ip6 and (ip6[6] = 17) and ((ip6[40 + 8 + 2] & 1) != 0)`. Of course this only works...