tcpdump mailing list archives
Re: how pcap filter string works?
From: Guy Harris <guy () alum mit edu>
Date: Thu, 22 Jul 2004 12:29:07 -0700
On Jul 22, 2004, at 12:25 PM, Hu Thomas Pan wrote:
I have a pcap filter string: udp and \( \( host host1 and port port1 \) or\( host host2 and port port2 \) \)Things are working through command line for tcpdump. But, it doesn't workfor pcap lib in the code.
Try using the string"udp and ( ( host host1 and port port1 ) or ( host host2 and port port2 ) )"
as the string you pass to "pcap_compile()". The "\" before "(" and ")" in the tcpdump command line are to cause the shell not to treat them as special characters. They're removed by the shell when those arguments are passed to tcpdump.
- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- anoncvs down? David Young (Jul 21)
- Re: anoncvs down? Michael Richardson (Jul 21)
- Re: anoncvs down? David Young (Jul 21)
- Re: anoncvs down? David Young (Jul 21)
- How tcpdump works? César Cárdenas (Jul 22)
- Re: How tcpdump works? Hannes Gredler (Jul 22)
- how pcap filter string works? Hu Thomas Pan (Jul 22)
- Re: how pcap filter string works? Guy Harris (Jul 22)
- Re: how pcap filter string works? Hu Thomas Pan (Jul 22)
- Re: how pcap filter string works? Guy Harris (Jul 22)
- Re: how pcap filter string works? Hu Thomas Pan (Jul 22)
- Re: anoncvs down? David Young (Jul 21)
- Re: anoncvs down? Michael Richardson (Jul 21)