tcpdump mailing list archives
Wenfei: how does tcpdump filter packets?
From: Wenfei Wu <wenfeiwu () cs wisc edu>
Date: Tue, 29 Jan 2013 14:54:40 -0600
Hi, all, When using tcpdump capture trace, we can add filter expressions ( in a form of primitive [and/or primitive] ). I want to know how the packets are parsed and matched to this filter expression. Is there some intermediate data structure for the filter expression? Is the filter used as it is parsed on each layer of the headers or used once after the packet is parsed completely? Is there some material about this? Regards, Wenfei Wu _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- Wenfei: how does tcpdump filter packets? Wenfei Wu (Jan 29)
- Re: Wenfei: how does tcpdump filter packets? Guy Harris (Jan 29)
- Re: Wenfei: how does tcpdump filter packets? Wenfei Wu (Jan 29)
- Re: Wenfei: how does tcpdump filter packets? Guy Harris (Jan 29)
- Re: Wenfei: how does tcpdump filter packets? Wenfei Wu (Jan 29)
- Re: Wenfei: how does tcpdump filter packets? Guy Harris (Jan 29)