tcpdump mailing list archives
Making the filter language more expandable
From: Darren Reed <darrenr () reed wattle id au>
Date: Tue, 20 Jul 2004 12:05:07 +1000 (EST)
One of the big problems I have with tcpdump and libpcap, today, is the limitations in the filter language. As a quick example, while it understands IP header bits and port numbers, I can't do 'tcpdump gre_v 1' in the same way I can do 'tcpdump port 2', etc. Taking it out to what I'd like to see (define new protocols as keywords and byte offsets in some text file) is unquestionably not a simple task and is not something I'd like to see delay a release labelled 1.0. Has anyone else done any work on something like this or given it any more, in depth, thought than I have to date ? Cheers, Darren - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- Making the filter language more expandable Darren Reed (Jul 19)