Message-ID: <3F2DDEF2.4070401@netli.com>
Date: Sun, 03 Aug 2003 21:20:02 -0700
From: Lev Walkin
Organization: Netli, Inc.
To: Andrew Konstantinov
cc: freebsd-hackers@freebsd.org
Subject: Re: libpcap
In-Reply-To: <20030803191343.GA1224@andruxa.sytes.net>

Andrew Konstantinov wrote:
> Hello,
>
> I am writing a program which takes advantage of libpcap but I've run into
> several problems with it: 1) Is there any way I can specify in the
> filter description that it should match only incoming packets on some
> interface? inbound/outbound keywords work only for 'slip' (according to
> tcpdump man page). I could do that with 'not src host' and then put the
> local hostname after that, but is there a more general solution, without
> the need for local hostname or IP address?

No, there isn't. Please study the bpf manual page to find out what
capabilities libpcap could export to its user, because libpcap uses bpf
device on FreeBSD.

> 2) I can't figure out how to
> set up a filter so it could match several ports at once. For example, I
> want the filter to only match 21-25 and 113 ports for incoming traffic.
> How do I do that? Right now I can see only two solutions. I could simply
> sniff all the traffic, and then filter out the interesting ports by
> myself, or I could set up several filters each of which would be
> responsible for a specific port. But both solutions seem to be
> inefficient. Is there a better way to accomplish this? Any help will be
> greatly appreciated.

"port 21 or ... or port 25 or port 113"

-- 
Lev Walkin
vlm@netli.com
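Added example, not part of the original message or of libpcap: a C helper that expands a port list such as the one in the question into the single "port A or port B ..." expression given in the reply, so one filter covers every port. The function name `build_port_filter` and the "21-25,113" spec syntax are assumptions made for this example; the resulting string is what would be passed to pcap_compile().

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical helper: expand "21-25,113" into "port 21 or ... or port 113".
 * Returns the expression length, or -1 on a malformed spec or short buffer. */
int build_port_filter(const char *spec, char *out, size_t outlen)
{
    size_t used = 0;
    const char *p = spec;
    if (outlen == 0)
        return -1;
    out[0] = '\0';
    while (*p != '\0') {
        char *end;
        long lo, hi;
        if (*p < '0' || *p > '9')      /* strtol alone would accept signs, spaces */
            return -1;
        lo = hi = strtol(p, &end, 10);
        if (*end == '-') {             /* range such as 21-25 */
            p = end + 1;
            if (*p < '0' || *p > '9')
                return -1;
            hi = strtol(p, &end, 10);
        }
        if (lo < 1 || hi > 65535 || lo > hi)
            return -1;
        for (long port = lo; port <= hi; port++) {
            int n = snprintf(out + used, outlen - used, "%sport %ld",
                             used ? " or " : "", port);
            if (n < 0 || (size_t)n >= outlen - used)
                return -1;             /* expression would be truncated */
            used += (size_t)n;
        }
        if (*end == ',' && end[1] != '\0')
            end++;                     /* another item follows */
        else if (*end != '\0')
            return -1;                 /* trailing comma or stray character */
        p = end;
    }
    return used ? (int)used : -1;      /* an empty spec is an error */
}

int main(void)
{
    char expr[512];
    /* Constructed input: the ports named in the question. */
    if (build_port_filter("21-25,113", expr, sizeof(expr)) < 0)
        return 1;
    puts(expr);                        /* the string to pass to pcap_compile() */
    return 0;
}
```

Rejecting a truncated expression matters here: a filter cut off mid-list would silently match fewer ports than intended.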