Date: Sun, 3 Aug 2003 12:13:43 -0700
From: Andrew Konstantinov
To: freebsd-hackers@freebsd.org
Subject: libpcap
Message-ID: <20030803191343.GA1224@andruxa.sytes.net>

Hello,

I am writing a program which takes advantage of libpcap but I've run into several problems with it:

1) Is there any way I can specify in the filter description that it should match only incoming packets on some interface? inbound/outbound keywords work only for 'slip' (according to the tcpdump man page). I could do that with 'not src host' and then put the local hostname after that, but is there a more general solution, without the need for the local hostname or IP address?

2) I can't figure out how to set up a filter so it could match several ports at once. For example, I want the filter to only match 21-25 and 113 ports for incoming traffic. How do I do that? Right now I can see only two solutions. I could simply sniff all the traffic, and then filter out the interesting ports by myself, or I could set up several filters, each of which would be responsible for a specific port. But both solutions seem to be inefficient. Is there a better way to accomplish this?

Any help will be greatly appreciated. Thanks in advance.

Andrew