tcpdump mailing list archives
How to use specific protocol filters in pcap programming
From: Javier Gálvez Guerrero <javier.galvez.guerrero () gmail com>
Date: Tue, 28 Apr 2009 11:26:17 +0200
Hi there, I'm trying to catch DHCP Requests/ACK and IEEE 802.11Probe Requests and Association ACK packets in a custom C program using libpcap but I'm facing some problems when applying filter chains different than simple ones like 'ether dst X' or 'port Y'. I would like to know what should I do in order to properly get packets with libpcap that Wireshark show me when issuing filter chains like: bootp.option.value == 03 wlan.fc.type_subtype == 0x04 If I use a filter like the previous ones I get a filter compiling error in 'pcap_compile(descr, &fp, filter, 0, netp)', so I would like to know how to get the same information with a pcap/tcpdump-compliant filter. Any idea about how I could do it? BTW, in order to get packets with an interface in monitor mode, should I enter any special configuration in my libpcap application? What about pcap_lookupnet(...)? Any help would be much appreciated. Thanks a lot, Javi - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- How to use specific protocol filters in pcap programming Javier Gálvez Guerrero (Apr 28)
- Re: How to use specific protocol filters in pcap programming Guy Harris (Apr 28)
- Re: How to use specific protocol filters in pcap Javier Gálvez Guerrero (Apr 29)
- Re: How to use specific protocol filters in pcap programming Guy Harris (Apr 28)