I tried to find some decent documentation if this feature was available, but i couldn't find anything. Just to make sure is anyone aware of a filter or option in which to limit captures based on data? For example, I'm sniffing a network under heavy traffic, and so i thought a good idea to lessen the pressure was to start a capture once a specific package data was detect, then have it capture "everything" until another specific package data was detected, at which point it stops capturing until another "start" package was detected.
This method would help if an application uses a specific port initially, but then randomly sends data during its usage. Such as the MSN protocol. What I'm trying to achieve is to isolate the capture to start when i Sign into msn, then capture all my traffic until i sign out.