tcpdump mailing list archives

question


From: "subramoni padmanabhan" <smoni77 () hotmail com>
Date: Sat, 12 Oct 2002 18:32:01 -0400

Hi,

Can anybody suggest a way for me to write a tcpdump-type filter which allows me to access the first two bytes of a DLT_LINUX_SLL header? I am using the "any" device to capture packets using libpcap.

To make this more clear, the tcpdump filter to capture packets whose Ethernet header has its first byte set to 1 is 'ether[0] = 1'. Similarly, is there a way to get at the first two bytes of a DLT_LINUX_SLL header so that I can use it in a tcpdump-type filter? Any quick suggestions would be really helpful, as my project has been stalled trying to figure out a way to do this.
Thanks.


Subramoni Padmanabhan
G-126, 700 woodland avenue
Lexington, Kentucky 40508
Phone : 859 323 9405



-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

