Re: From pcap_filter manual...

[Guy Harris <guy () alum mit edu>]

On Apr 27, 2009, at 8:19 PM, Eddie Harari wrote:

> BUGS section:
> "  Filter  expressions  on  fields other than those in 802.11  
> headers will
>  not correctly handle 802.11 data packets with both To DS  and   
> From  DS
>  set."
>
> is this only for libpcap programmers  ? or also tcpdump users ?

tcpdump uses libpcap for its capture filtering, so it applies to  
tcpdump users.

> I have same program that basically sets a filter and sniff the  
> network for
> packets after that...
> what i see as a behavior is the following:
>
> Network A -> program runs with no problems. (AP is Edimax..ED.).
> Network B -> program runs ( on same machine), but the filter does  
> not seem
> to work. if i set the filter to something very very simple such as
> filter="icmp" it does not seems to show me any packet ( not even  
> 1 ) , but
> if i use tcpdump command  with the same filter on the same network  
> device,
> it does show me the packets.

Either:

        1) there's a bug in the program

or

	2) perhaps the program is using a different version of libpcap from  
the one tcpdump uses.

We'd need to see the source to the program - or, at least, the parts  
that use libpcap - to determine whether there's a bug in it or not.

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.