On Wed, Jan 08, 2003 at 10:17:20PM -0500, subramoni padmanabhan wrote:
> I have a problem capturing packets using pcap. My application requires me
> to capture RAW(packets sent from a RAW socket whose IP header has been
> constructed by the sending application) packets with a particular protocol
> number. What might be the filter expression be for such a capture to be
> effected? I tried "ip[10]=IPPROTO_MYESP" where IPPROTO_MYESP is a
> user-defined protocol but this doesn't seem to work.
Try
ip proto IPPROTO_MYESP
where IPPROTO_MYESP is the protocol number of your protocol.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
