[prev in list] [next in list] [prev in thread] [next in thread] 

List:       tcpdump-workers
Subject:    [tcpdump-workers] question
From:       "subramoni padmanabhan" <smoni77 () hotmail ! com>
Date:       2002-10-16 4:44:07
[Download RAW message or body]

Hi,

   I have sent this mail a couple of time before but received no reply. I 
don't know if it is coz no one knows the answer to my question or that my 
mail has not reached you. Anyway, I am asking one more time. Is there anyway 
that I could write a filter expression(tcpdump style) to filter packets 
based on the first two bytes of the DLT_LINUX_SLL header? My specific 
problem is that I have a filter scanning all the interfaces of my 
machine(using the "any" device. it's a pcap program) But the filter captures 
also packets sent out by me to other machines, apart from the ones that I 
receive, which I do not want. I only want incoming packets to be captured, 
not the outgoing ones. I know DLT_LINUX_SLL header's first two bytes have an 
option 4 which indicates "packets sent by me". I want to get at these first 
two bytes in the form a tcpdump filter expression so that I can pass it to 
pcap_compile(). Any ideas on how this might be possible? I hope I have 
phrased my question in a comprehensible way. Thanks for ur time, guys(no pun 
intended).


Subramoni Padmanabhan
G-126, 700 woodland avenue
Lexington, Kentucky 40508
Phone : 859 323 9405




_________________________________________________________________
Choose an Internet access plan right for you -- try MSN! 
http://resourcecenter.msn.com/access/plans/default.asp

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request@tcpdump.org?body=unsubscribe
[prev in list] [next in list] [prev in thread] [next in thread]