tcpdump mailing list archives

Re: pcap_compile and tcpdump syntax


From: Guy Harris <guy () alum mit edu>
Date: Wed, 13 Oct 2004 15:51:40 -0700

(Blah blah blah defeat duplicate detector blah blah blah once again I forgot to send with my alum.mit.edu address in the from line blah blah blah Thunderbird blah blah blah time to pester Bugzilla.)

Travis wrote:

> Is it not correct that pcap_compile takes in a filter program with tcpdump syntax?

Given that tcpdump syntax is implemented by tcpdump calling
"pcap_compile()", yes, it is correct.

> If so then why is it that when I try to compile the program "host 129.244.241.XXX", where XXX is an actual number, does the compile function fail on me?

What was the error message from "pcap_compile()"?  And did you just do
something such as

        pcap_compile(p, &bpfprogram, "host 129.244.241.XXX", {optimize flag}, {netmask});

and, if so, what are the values of the optimize flag and of netmask?

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.

