Preface A core feature of the common tcpdump packet capture tool is its support for the pcap-filter syntax. This lets it filter traffic and capture only specific packets matching the filter. When developing network-related tools with eBPF, supporting the pcap-filter syntax would greatly improve user experience. That's why the ptcpdump tool I developed includes built-in support for the pcap-filter syntax. Adding pcap-filter support to eBPF programs the usual way involves complex logic. However...
