tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Pcap filter

From: Dan Joumaa <nessup () gmail com>
Date: Sat, 01 Apr 2006 16:25:43 -0700
Alexander Dupuy wrote:

The ethernet frame has dest address first, then source. You want ether[6] through ether[8] for source address filtering.


@alex


Ah, I see.
The funny thing is, when I try this in tcpdump, it works, but in my app I still don't get any packets.
I've scanned through the tcpdump code and it is pretty much doing the exact same thing as my app in terms of setting the filter, so I'm clueless on why it wouldn't work. :/ 

--ness
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: