Date: Thu, 7 Jan 2016 11:17:30 -0600
From: Juan Herrera <mybsdmailing@gmail.com>
To: freebsd-net@freebsd.org
Subject: tcpdump filter length Question
Message-ID: <CAAN2wCA6mu-dFaE7W88z0zBydxaEBiX4W%2BjTLBOgRXG_cUw8DQ@mail.gmail.com>
Hello all,

I am trying to do a tcpdump filter like the one below.

The idea is to filter all ethernet frames and, where the frame ends (as I
understand it, the keyword *len* has the total length of the captured packet),
subtract 85 positions and compare whether the byte in position len - 85 is
equal to hex 0x2.

Does anybody know what I am doing wrong?
tcpdump does not complain when executing that command, but the filter
does not work when attached to my C program. I am attaching that code with
setsockopt(2) - SO_ATTACH_FILTER.

sudo tcpdump 'ether [ len ] - 85 = 0x2' -dd
{ 0x80, 0, 0, 0x00000000 },
{ 0x7, 0, 0, 0x00000000 },
{ 0x50, 0, 0, 0x00000000 },
{ 0x14, 0, 0, 0x00000055 },
{ 0x54, 0, 0, 0x000000ff },
{ 0x15, 0, 1, 0x00000002 },
{ 0x6, 0, 0, 0x0000ffff },
{ 0x6, 0, 0, 0x00000000 },
Thanks!
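
The `-dd` listing above decoded and executed, as an added example that is not part of the original message: a minimal classic-BPF interpreter in C covering only the opcodes in that listing, with each posted instruction annotated. The `indexed` program is hand-assembled for comparison (an assumption, not tcpdump output), and the frame is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Same field order as the rows printed by `tcpdump -dd`: code, jt, jf, k. */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* The program exactly as posted, with each opcode decoded. */
static const struct insn posted[] = {
    { 0x80, 0, 0, 0x00000000 }, /* ld  #pktlen   A = len              */
    { 0x07, 0, 0, 0x00000000 }, /* tax           X = A                */
    { 0x50, 0, 0, 0x00000000 }, /* ldb [x + 0]   A = pkt[len]         */
    { 0x14, 0, 0, 0x00000055 }, /* sub #85       A = A - 85 (a value) */
    { 0x54, 0, 0, 0x000000ff }, /* and #0xff                          */
    { 0x15, 0, 1, 0x00000002 }, /* jeq #2        jt 0, jf 1           */
    { 0x06, 0, 0, 0x0000ffff }, /* ret #65535    accept               */
    { 0x06, 0, 0, 0x00000000 }, /* ret #0        drop                 */
};

/* Hand-assembled (assumption, not tcpdump output): pkt[len - 85] == 2. */
static const struct insn indexed[] = {
    { 0x80, 0, 0, 0 }, { 0x14, 0, 0, 85 }, { 0x07, 0, 0, 0 }, { 0x50, 0, 0, 0 },
    { 0x15, 0, 1, 2 }, { 0x06, 0, 0, 0xffff }, { 0x06, 0, 0, 0 },
};

/* Interpreter for only the opcodes used here. An out-of-range load
 * ends the program with 0 (drop), as classic BPF does. */
static uint32_t run(const struct insn *p, size_t n, const uint8_t *pkt, uint32_t len)
{
    uint32_t A = 0, X = 0;
    for (size_t pc = 0; pc < n; pc++) {
        switch (p[pc].code) {
        case 0x80: A = len; break;
        case 0x07: X = A; break;
        case 0x50: if ((uint64_t)X + p[pc].k >= len) return 0;
                   A = pkt[X + p[pc].k]; break;
        case 0x14: A -= p[pc].k; break;
        case 0x54: A &= p[pc].k; break;
        case 0x15: pc += (A == p[pc].k) ? p[pc].jt : p[pc].jf; break;
        case 0x06: return p[pc].k;
        default:   return 0;
        }
    }
    return 0;
}

int main(void)
{
    uint8_t frame[128] = {0};            /* constructed sample frame */
    frame[sizeof frame - 85] = 0x02;     /* the byte the filter is meant to test */
    printf("posted=%u indexed=%u\n", (unsigned)run(posted, 8, frame, sizeof frame),
           (unsigned)run(indexed, 7, frame, sizeof frame));
}
```

In the posted listing the subtraction is applied to the loaded byte value, and the load itself is at offset `len`, one past the last byte of the frame.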
