tcpdump mailing list archives
Re: tcpdump and BPF filters
From: "Geoffrey Sisson" <geoff () geoff co uk>
Date: Tue, 12 Jul 2011 20:25:38 -0700
Sam Roberts <vieuxtech () gmail com> wrote:
> Since you are contemplating writing BPF filters by hand, you probably already have considered this, but I think you could modify tcpdump to create a bpf_program from your input, bypassing its call to pcap_compile(). Maybe use -F to provide the raw instructions.
That is what I was contemplating. For this to be useful, it would have to find its way into the release version. The target users are the name server operators who periodically supply data to us at DNS-OARC (https://www.dns-oarc.net/ditl/2011). It would be impractical to expect them to maintain a patched version of tcpdump on all of their various collection platforms.

Geoff

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
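A sketch of the idea discussed in this message, added here as an example and not code from the thread or from tcpdump: reading raw BPF instructions from text and sanity-checking them before they would be handed to a capture handle. It assumes the input uses the decimal layout printed by `tcpdump -ddd` (a count, then `code jt jf k` per instruction); `parse_raw_bpf`, `struct insn` and the sample filter are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <stdint.h>

/* Same field layout as libpcap's struct bpf_insn, redefined so this builds without pcap.h. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

#define CLASS(c) ((c) & 0x07)   /* BPF_CLASS */
#define OP(c)    ((c) & 0xf0)   /* BPF_OP */
#define C_JMP 0x05              /* BPF_JMP */
#define C_RET 0x06              /* BPF_RET */
#define OP_JA 0x00              /* BPF_JA */

/* Assumed input: "tcpdump -ddd" style text, a count followed by "code jt jf k" per instruction.
 * Returns the count on success, -1 on malformed input or a program that fails the checks. */
int parse_raw_bpf(const char *text, struct insn *out, int max)
{
    int n, used, i;
    unsigned code, jt, jf, k;
    if (sscanf(text, "%d%n", &n, &used) != 1 || n <= 0 || n > max)
        return -1;
    text += used;
    for (i = 0; i < n; i++) {
        if (sscanf(text, "%u %u %u %u%n", &code, &jt, &jf, &k, &used) != 4 ||
            code > 0xffff || jt > 0xff || jf > 0xff)
            return -1;
        out[i] = (struct insn){ (uint16_t)code, (uint8_t)jt, (uint8_t)jf, k };
        text += used;
    }
    for (i = 0; i < n; i++) {
        if (CLASS(out[i].code) != C_JMP) continue;
        /* Jumps are forward-only offsets from the next instruction and must stay inside. */
        if (OP(out[i].code) == OP_JA) {
            if (out[i].k >= (uint32_t)(n - i - 1)) return -1;
        } else if (i + 1 + out[i].jt >= n || i + 1 + out[i].jf >= n) {
            return -1;
        }
    }
    return CLASS(out[n - 1].code) == C_RET ? n : -1;   /* must end in a return */
}

/* Constructed sample: ldh [12]; jeq #0x800; ret #65535; ret #0 (accept IPv4 on Ethernet). */
static const char SAMPLE[] = "4\n40 0 0 12\n21 0 1 2048\n6 0 0 65535\n6 0 0 0\n";

int main(void)
{
    struct insn prog[16];
    printf("parsed %d instructions\n", parse_raw_bpf(SAMPLE, prog, 16));
    return 0;
}
```

The checks cover only the structure of the program (jump targets and a final return); a filter that passes them can still be rejected by the kernel's own validator.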