Capture filter help

["Moheed Moheed Ahmad" <moheedm () gmail com>]

Hi,
I am stuck with a problem regarding Capture filter.

I had a packet with following structure.


eth_src_addr + eth_dest_addr + 2 bytes(0xf000) + 10 bytes of garbage + 2
bytes of ethertype + then usual packet[ip] follows

That is a normal ethernet packet with, 2 bytes (which is always fix and
different for all known ethertypes) + 10 bytes = 12 bytes,
inserted in between ethertype and start of network-layer header.

The problem I am facing is the same interface sometimes gives the normal
packet and sometimes with 12 bytes extra.
So when I apply the normal capture filter those with normal packets get
filtered out.

I want to modify libpcap capture filter in such a way that it can work with
the packets containing 12 extra bytes(ie skipping over these 12 bytes and
continue normal processing).

Can anyone help me out please.


-- 
Thanks,
Moheed Moheed Ahmad
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.