How to set pcap filter to capture only UDP frames
Hi,
How can i set the pcap filter to capture only UDP frames?
Consulting the documentation of pcap i found that i should use pcap_compile and in the 3rd argument i enter the filter string
when i enter
i receive frames where the protocol feild differs from 17 ( the value of udp protocol)
Please any idea to solve this?
Thanks
How can i set the pcap filter to capture only UDP frames?
Consulting the documentation of pcap i found that i should use pcap_compile and in the 3rd argument i enter the filter string
when i enter
|
|
i receive frames where the protocol feild differs from 17 ( the value of udp protocol)
Please any idea to solve this?
Thanks
You need to add a capture filter to the BPF. I have an example somewhere, I'll try to find it.
So much data, so little time. I can't find the code I wrote just yet.
Check out these pages and look at how pcap_compile() is used. The second link describes the BPF filter syntax. Just specifying "udp" should suffice to filter UDP traffic.
http://www.tcpdump.org/pcap.html
http://yuba.stanford.edu/~casado/pcap/section3.html
Check out these pages and look at how pcap_compile() is used. The second link describes the BPF filter syntax. Just specifying "udp" should suffice to filter UDP traffic.
http://www.tcpdump.org/pcap.html
http://yuba.stanford.edu/~casado/pcap/section3.html
Topic archived. No new replies allowed.