Jefferson Ogata wrote: > > Alain Tombarel wrote: > > I would like to know if it is possible to filter with PCAP on a range of > > ports by using "pcap_compile" function. > > > > I tried several filter expressions but each one was rejected by the > > function : > > > > Examples of expressions I tried : > > > > "ip and (port >= 1000 and port <= 2000)" > > "ip and (port 1000 >= port 2000)" > > Alain, > > I have no problem compiling the first expression. What version of > tcpdump/libpcap are you using?
Correction: I do have trouble compiling the first expression. Coffee has not kicked in yet. Use syntax suggestted by <[EMAIL PROTECTED]>. Caveat below still applies. > Be cautious with the relative operators. In a recent discussion it became > apparent that the BPF code generation for relative operators has some bugs, > and you may not get what you expect. -- Jefferson Ogata <[EMAIL PROTECTED]> NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]> - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
