Filtering based on multiple IP address.

["C Guy" <cybertet () gmail com>]

Hi,

I am writing an application that captures all the data in the network and
processes only the voice packets. In order to minimize the data that i
process, i have provided a capture filter based on the IP address of the
voip devices. The filter is like (host 192.168.117.23 || host
192.168.117.35...). As the number of devices is now less (10), i am
not facing much
problems. I am not sure if it will scale if the number increases, say 500.
Is there a better approach to this..

One way I figured out is to specify the network (net 192.168.117) as filter
string. But, the problem all the IP address may not be assigned to the voip
devices and there may be some non voip devices too that I may be
processing..

I would like to know
1. Is there is a limit in the length of filter string
2. What will be the performance impact because of having a huge filter
string.
3. Will PCAP automatically reduce the the filter string for performance.
4. Else, can some one provide with a logic to reduce the filter string (from
a lot of host address to a simple net address if possible).

With Regards,
Chris Guy.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.