tcpdump mailing list archives
Re: tcpdump and BPF filters
From: Sam Roberts <vieuxtech () gmail com>
Date: Tue, 12 Jul 2011 14:48:00 -0700
On Tue, Jul 12, 2011 at 1:57 PM, Geoffrey Sisson <geoff () geoff co uk> wrote:
> extension to libpcap's filter language, though. My initial query was whether there's a way to supply tcpdump with a BPF filter expression, bypassing the libpcap filter language altogether. This is useful for cases where a filter can be constructed for the BPF that cannot be expressed as a libpcap filter expression.

Since you are contemplating writing BPF filters by hand, you probably already have considered this, but I think you could modify tcpdump to create a bpf_program from your input, bypassing its call to pcap_compile(). Maybe use -F to provide the raw instructions.

Cheers,
Sam
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
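
The approach suggested above, as an added example that is not part of the original post and is not tcpdump or libpcap code: parse the decimal listing that `tcpdump -ddd` prints (a count, then `code jt jf k` per instruction) and reject a program whose jumps leave it or that does not end in a return. The struct, function and constant names are hypothetical, the sample filter is constructed, and only these structural checks are made, not full opcode validation.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Same layout as libpcap's struct bpf_insn and struct bpf_program,
 * redeclared under hypothetical names so this builds without libpcap. */
struct raw_insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
struct raw_prog { unsigned len; struct raw_insn *insns; };

/* Constructed sample in "tcpdump -ddd" form: the filter "ip". */
const char SAMPLE_IP_FILTER[] = "4\n40 0 0 12\n21 0 1 2048\n6 0 0 65535\n6 0 0 0\n";

/* Read one unsigned decimal field <= max; -1 on sign, junk or overflow. */
static int field(const char **s, unsigned long max, unsigned long *v)
{
    char *end;
    while (isspace((unsigned char)**s)) (*s)++;
    if (!isdigit((unsigned char)**s)) return -1;
    errno = 0;
    *v = strtoul(*s, &end, 10);
    *s = end;
    return (errno || *v > max) ? -1 : 0;
}

/* Returns 0 and fills out (caller frees out->insns), or -1 if the text is
 * malformed or the program is structurally unsafe. */
int raw_filter_parse(const char *s, struct raw_prog *out)
{
    unsigned long n, c, jt, jf, k, i;
    struct raw_insn *p;
    out->len = 0; out->insns = NULL;
    if (field(&s, 4096, &n) || n == 0) return -1;   /* 4096 = BPF_MAXINSNS */
    if ((p = calloc(n, sizeof *p)) == NULL) return -1;
    for (i = 0; i < n; i++) {
        if (field(&s, 0xffff, &c) || field(&s, 0xff, &jt) ||
            field(&s, 0xff, &jf) || field(&s, 0xffffffffUL, &k)) goto bad;
        /* Class 0x05 is BPF_JMP; op 0x00 is BPF_JA, whose offset is in k.
         * Jumps are forward-only and must land inside the program. */
        if ((c & 0x07) == 0x05 && ((c & 0xf0) == 0x00 ? k >= n - i - 1
                : (i + 1 + jt >= n || i + 1 + jf >= n))) goto bad;
        p[i] = (struct raw_insn){ (uint16_t)c, (uint8_t)jt, (uint8_t)jf, (uint32_t)k };
    }
    while (isspace((unsigned char)*s)) s++;
    /* Nothing may trail the program, and it must end in BPF_RET (0x06). */
    if (*s != '\0' || (p[n - 1].code & 0x07) != 0x06) goto bad;
    out->len = (unsigned)n; out->insns = p;
    return 0;
bad:
    free(p);
    return -1;
}
```

In a modified tcpdump the accepted instructions would be copied into a `struct bpf_program` and passed to `pcap_setfilter()` in place of the output of `pcap_compile()`.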