tcpdump mailing list archives
Re: tcpdump and BPF filters
From: Guy Harris <guy () alum mit edu>
Date: Mon, 11 Jul 2011 10:27:16 -0700
On Jul 10, 2011, at 6:57 PM, Geoffrey Sisson wrote:
The catch is that domain names comprise a variable number of variable-length fields.
...and include pointers back to other labels, for compression.
If the queries you're can be expressed in a syntax that could be added to the libpcap filter syntax, libpcap could be extended to generate BPF programs to match DNS labels (although if those programs loop, they will have to be run in userland), which would allow all pcap-based programs, not just tcpdump, to use them.
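The name walk discussed in this message, as an added example that is not part of the original post and is not libpcap code: a userland matcher in C that steps through variable-length labels and follows compression pointers under a hop limit. The function names, `MAX_HOPS` and the sample bytes are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_HOPS 16 /* assumed bound on compression pointers followed per name */

/* Constructed sample message (hypothetical bytes, not captured traffic). */
static const uint8_t sample[] = {
    0,0,0,0,0,0,0,0,0,0,0,0,                       /* 12-byte header, zeroed */
    7,'e','x','a','m','p','l','e',3,'c','o','m',0, /* offset 12: example.com */
    3,'w','w','w',0xC0,12,                         /* offset 25: www + pointer to 12 */
    0xC0,31                                        /* offset 31: pointer to itself */
};

/* Decode the name at msg[off] into out as dotted lowercase text.
 * Returns the length written, or -1 on malformed or looping input. */
int dns_name(const uint8_t *msg, size_t len, size_t off, char *out, size_t cap)
{
    size_t n = 0;
    int hops = 0;
    if (cap == 0) return -1;
    while (off < len) {
        uint8_t c = msg[off];
        if (c == 0) { out[n] = '\0'; return (int)n; }   /* root label ends the name */
        if ((c & 0xC0) == 0xC0) {                       /* pointer: 14-bit offset */
            if (off + 1 >= len || ++hops > MAX_HOPS) return -1;
            off = ((size_t)(c & 0x3F) << 8) | msg[off + 1];
            continue;
        }
        if (c & 0xC0) return -1;                        /* reserved label types */
        if (off + 1 + c > len || n + c + 1 >= cap) return -1;
        if (n) out[n++] = '.';
        for (uint8_t i = 0; i < c; i++)
            out[n++] = (char)tolower(msg[off + 1 + i]);
        off += 1 + (size_t)c;
    }
    return -1;                                          /* ran past the message end */
}

/* Returns 1 if the name at off equals suffix or is a subdomain of it, else 0. */
int dns_name_in_zone(const uint8_t *msg, size_t len, size_t off, const char *suffix)
{
    char name[256];
    int n = dns_name(msg, len, off, name, sizeof name);
    size_t s = strlen(suffix);
    if (n < 0 || (size_t)n < s) return 0;
    if (strcmp(name + n - s, suffix) != 0) return 0;
    return (size_t)n == s || name[n - s - 1] == '.';
}
```

The hop limit is what keeps a self-referencing pointer, like the one at offset 31 of the sample, from spinning the decoder forever.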