On 02/15/2013 02:40 PM, Jon Schipp wrote:
When using a libpcap style filter with netsniff-ng via -f " " is the libpcap buffer used and thus ``fast-path'' is not achieved?
No, the ``fast-path'' resp. our code is executed in any way.
Or does netsniff-ng -f " " only compile the libpcap-like filter via libpcap i.e. Having the same resulting effect as using "tcpdump -dd > filter.bpf" and passing the file like "netsniff-ng --in eth0 -f filter.bpf"
Yes, using a tcpdump-like filter in netsniff-ng, e.g. like: netsniff-ng --in eth0 -f tcp or udp netsniff-ng --in eth0 tcp or udp ... will have the same effect as if you would do tcpdump -dd, pipe the output to a file, and load it with -f <file> from netsniff-ng. Meaning, libpcap is *only* used to compile a tcpdump-like BPF filter (since many people find this useful and know about tcpdump's filter syntax) and nothing more. All the rest is handled by netsniff-ng. -- You received this message because you are subscribed to the Google Groups "netsniff-ng" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
