tcpdump mailing list archives
Re: pcap question
From: Guy Harris <guy () netapp com>
Date: Wed, 8 Jan 2003 19:27:27 -0800
On Wed, Jan 08, 2003 at 10:17:20PM -0500, subramoni padmanabhan wrote:
> I have a problem capturing packets using pcap. My application requires me to capture RAW (packets sent from a RAW socket whose IP header has been constructed by the sending application) packets with a particular protocol number. What might the filter expression be for such a capture to be effected? I tried "ip[10]=IPPROTO_MYESP" where IPPROTO_MYESP is a user-defined protocol but this doesn't seem to work.
Try

    ip proto IPPROTO_MYESP

where IPPROTO_MYESP is the protocol number of your protocol.
-
This is the TCPDUMP workers list. It is archived at
    http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
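An added example, not part of the original message or of libpcap: it formats the numeric protocol value into the filter text that would be handed to pcap_compile(), and mirrors on a constructed Ethernet frame the two comparisons that `ip proto N` performs. The value 253, the helper names and the Ethernet link type are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed value: 253 is reserved for experimentation (RFC 3692). */
#define IPPROTO_MYESP 253

/* The preprocessor never expands a macro name inside a string literal,
 * so the number itself has to be formatted into the filter text. */
int build_filter(char *buf, size_t len, int proto)
{
    int n = snprintf(buf, len, "ip proto %d", proto);
    return (n > 0 && (size_t)n < len) ? 0 : -1;
}

/* What "ip proto N" tests on an Ethernet capture: EtherType 0x0800, then
 * the IPv4 Protocol field at byte 9 of the IP header (frame offset 23).
 * Bytes 10-11 of the IP header hold the header checksum. */
int matches_ip_proto(const uint8_t *frame, size_t len, int proto)
{
    if (len < 24)
        return 0;                       /* too short to reach the field */
    if (frame[12] != 0x08 || frame[13] != 0x00)
        return 0;                       /* not IPv4 */
    return frame[14 + 9] == (uint8_t)proto;
}

/* Constructed sample: Ethernet header plus a 20-byte IPv4 header. */
size_t make_frame(uint8_t *frame, size_t cap, uint8_t proto)
{
    if (cap < 34)
        return 0;
    memset(frame, 0, 34);
    frame[12] = 0x08; frame[13] = 0x00; /* EtherType: IPv4 */
    frame[14] = 0x45;                   /* version 4, header length 5 words */
    frame[17] = 20;                     /* total length */
    frame[22] = 64;                     /* TTL */
    frame[23] = proto;                  /* Protocol field */
    return 34;
}

int main(void)
{
    char filter[32];
    uint8_t frame[34];
    size_t n = make_frame(frame, sizeof frame, IPPROTO_MYESP);
    if (build_filter(filter, sizeof filter, IPPROTO_MYESP) != 0)
        return 1;
    printf("%s -> match=%d\n", filter, matches_ip_proto(frame, n, IPPROTO_MYESP));
    return 0;
}
```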