> so i need to filter via expression all ip-packets containing
> my login and password information except the packets from
> my own ip-address/fingerprint.

The "except the packets from my own IP address" part is easy.

The "all IP packets containing my login and password information" part
isn't; filter expressions compile into "machine code" for the BPF
virtual machine, and I suspect it would, at best, significantly
complicate the libpcap code generator to handle code such as that (and
if it can only be done with a loop, it'd be *impossible* to do, as the
BPF machine language doesn't have backward branches).

You might want to check out Itojun's suggestion of dsniff:

        http://www.monkey.org/~dugsong/dsniff/

and perhaps also look at Snort:

        http://www.snort.org/

(the "Writing Snort Rules" document lists a "content" keyword:

        The content keyword is one of the more important features of
        Snort.  It allows the user to set rules that search for specific
        content in the packet payload and trigger response based on that
        data.  Whenever a content option pattern match is performed, the
        Boyer-Moore pattern match function is called and the (rather
        computationally expensive) test is performed against the packet
        contents.  If data exactly matching the argument data string is
        contained anywhere within the packet's payload, the test is
        successful and the remainder of the rule option tests are
        performed.  Be aware that this test is case sensitive.)
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
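The split described in the reply, as an added example that is not part of the original message or of libpcap or Snort: the source-address exclusion is the part a BPF filter can express, while the payload search needs a loop and so runs in user space on each captured packet. The function names, the documentation-range addresses and the sample credentials are assumptions made for illustration, and the search is the Horspool simplification of the Boyer-Moore matching that the quoted Snort text mentions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Case-sensitive Boyer-Moore-Horspool search: offset of pat in buf, or -1. */
static long bmh_find(const uint8_t *buf, size_t n, const uint8_t *pat, size_t m)
{
    size_t skip[256], i;
    if (m == 0 || n < m) return -1;
    for (i = 0; i < 256; i++) skip[i] = m;
    for (i = 0; i + 1 < m; i++) skip[pat[i]] = m - 1 - i;
    for (i = 0; i + m <= n; i += skip[buf[i + m - 1]])
        if (memcmp(buf + i, pat, m) == 0) return (long)i;
    return -1;
}

/* pkt starts at the IPv4 header; 1 = TCP, not from own_ip, payload has pat. */
int suspicious(const uint8_t *pkt, size_t len, const uint8_t own_ip[4],
               const char *pat)
{
    size_t ihl, thl;
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;
    ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20 || pkt[9] != 6) return 0;
    if (memcmp(pkt + 12, own_ip, 4) == 0) return 0;  /* BPF: not src host */
    thl = (size_t)(pkt[ihl + 12] >> 4) * 4;
    if (thl < 20 || len < ihl + thl) return 0;
    return bmh_find(pkt + ihl + thl, len - ihl - thl,
                    (const uint8_t *)pat, strlen(pat)) >= 0;
}

/* Constructed sample: minimal IPv4+TCP packet, no options, given payload. */
size_t make_sample(uint8_t *out, const uint8_t src[4], const char *payload)
{
    memset(out, 0, 40);
    out[0] = 0x45;                 /* version 4, IHL 5 */
    out[9] = 6;                    /* protocol: TCP */
    memcpy(out + 12, src, 4);
    out[32] = 0x50;                /* TCP data offset 5 */
    memcpy(out + 40, payload, strlen(payload));
    return 40 + strlen(payload);
}

int main(void)
{
    const uint8_t me[4] = {192, 0, 2, 10}, other[4] = {198, 51, 100, 7};
    uint8_t p[128];
    size_t n = make_sample(p, other, "USER alice\r\nPASS s3cret\r\n");
    printf("%d\n", suspicious(p, n, me, "PASS s3cret"));
}
```

With libpcap, the address test would normally be compiled into the capture filter and only the payload search would remain in the packet callback.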