tcpdump mailing list archives
question
From: "subramoni padmanabhan" <smoni77 () hotmail com>
Date: Sat, 12 Oct 2002 18:32:01 -0400
Hi,Can anybody suggest a way for me to write a tcpdump type filter which allows me to access the first two bytes of a DLT_LINUX_SLL header. I am using the "any" device to capture packets using libpcap.
To make this more clear, the tcpdump filter to capture packets whose ethernet header has its first byte to 1 is 'ether[0] = 1' Similarly, is there a way to get at the first two bytes of a DLT_LINUX_SLL header so that I can use it in a tcpdump type filter. Any quick suggestions would be really helpful as my project has been stalled trying to figure out a way to do this.
Thanks. Subramoni Padmanabhan G-126, 700 woodland avenue Lexington, Kentucky 40508 Phone : 859 323 9405 _________________________________________________________________Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com
- This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- question subramoni padmanabhan (Oct 08)
- Re: question Vishal Malhan` (Oct 09)
- Re: question Guy Harris (Oct 09)
- <Possible follow-ups>
- Re: question subramoni padmanabhan (Oct 09)
- question subramoni padmanabhan (Oct 10)
- question subramoni padmanabhan (Oct 14)
- question subramoni padmanabhan (Oct 15)
- Re: question Guy Harris (Oct 16)