tcpdump mailing list archives
Capture filter help
From: "Moheed Moheed Ahmad" <moheedm () gmail com>
Date: Thu, 17 Jan 2008 18:50:37 +0530
Hi, I am stuck with a problem regarding Capture filter. I had a packet with following structure. eth_src_addr + eth_dest_addr + 2 bytes(0xf000) + 10 bytes of garbage + 2 bytes of ethertype + then usual packet[ip] follows That is a normal ethernet packet with, 2 bytes (which is always fix and different for all known ethertypes) + 10 bytes = 12 bytes, inserted in between ethertype and start of network-layer header. The problem I am facing is the same interface sometimes gives the normal packet and sometimes with 12 bytes extra. So when I apply the normal capture filter those with normal packets get filtered out. I want to modify libpcap capture filter in such a way that it can work with the packets containing 12 extra bytes(ie skipping over these 12 bytes and continue normal processing). Can anyone help me out please. -- Thanks, Moheed Moheed Ahmad - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- Capture filter help Moheed Moheed Ahmad (Jan 17)
- Re: Capture filter help Jefferson Ogata (Jan 17)
- Re: Capture filter help Jefferson Ogata (Jan 17)
- Re: Capture filter help Jefferson Ogata (Jan 17)