So I think this is pretty much capturing almost all packets and finding out if the string is there before logging to a file !!
AnalogX PacketMonitor claims to be able to capture only packets that contain a string of our choice. It says it works on XP (maybe because of XP raw packet support), but I have XP Home Edition, where Microsoft Network Monitor isn't supplied. And I couldn't even get AnalogX PacketMon to log packets with a particular string as promised. So this is an attempt to do the same with WinPcap.

Wrong question for this mailing list: Has anyone successfully got Microsoft Network Monitor or AnalogX PacketMon to work on XP Home Edition?

Bala

--- Guy Harris <[EMAIL PROTECTED]> wrote:
> On Mon, Feb 24, 2003 at 12:08:20AM -0800, Balakrishnan Muthukrishnan wrote:
> > Because I am not from a UNIX background and don't
> > have any knowledge about BPF, I am not able to
> > understand the syntax for the parameter "filter"
> > in pcap_compile function !!!!
>
> It's not a UNIX issue, any more than the C or C++ programming language
> is; libpcap/tcpdump, C, and C++ are available on non-UNIX systems (which
> you presumably already know, given that you're mailing to this list
> :-)).
>
> > I want to only capture packets which have a particular
> > word in the data field (say Kazaa).
>
> Unfortunately, that's *very* hard to do. BPF is a machine language that
> has 1-byte, 2-byte, and 4-byte loads, and compare instructions, so it'd
> have to be done by code that, for each offset at which the string might
> begin, tests whether there is such a string.
>
> ==================================================================
> This is the WinPcap users list. It is archived at
> http://www.mail-archive.com/[EMAIL PROTECTED]/
>
> To unsubscribe use
> mailto: [EMAIL PROTECTED]
> ==================================================================
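The approach described in the message above (capture broadly, then test each packet for the string in user code before logging it), as an added C example that is not from the thread or from WinPcap. It assumes Ethernet II framing, IPv4 and TCP; the function names and the sample frame are constructed for illustration, and in a pcap callback the bytes and captured length would come from the callback's arguments.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if `needle` occurs in the TCP payload of an Ethernet II / IPv4
 * frame, 0 if it does not, -1 if the frame is not IPv4/TCP or is truncated.
 * `caplen` is the number of bytes actually captured, not the on-wire length. */
int tcp_payload_contains(const unsigned char *pkt, size_t caplen,
                         const char *needle)
{
    size_t nlen = strlen(needle), ip_off = 14, ihl, tcp_off, doff, pay, i;

    if (caplen < ip_off + 20) return -1;               /* Ethernet + min IPv4 */
    if (pkt[12] != 0x08 || pkt[13] != 0x00) return -1; /* EtherType 0x0800 */
    if ((pkt[ip_off] >> 4) != 4) return -1;            /* IP version */
    ihl = (size_t)(pkt[ip_off] & 0x0f) * 4;            /* IPv4 header length */
    if (ihl < 20 || pkt[ip_off + 9] != 6) return -1;   /* protocol 6 = TCP */
    tcp_off = ip_off + ihl;
    if (caplen < tcp_off + 20) return -1;
    doff = (size_t)(pkt[tcp_off + 12] >> 4) * 4;       /* TCP header length */
    if (doff < 20 || caplen < tcp_off + doff) return -1;
    pay = tcp_off + doff;

    /* The per-offset comparison that is impractical to express in BPF. */
    if (nlen == 0 || caplen - pay < nlen) return 0;
    for (i = pay; i + nlen <= caplen; i++)
        if (memcmp(pkt + i, needle, nlen) == 0) return 1;
    return 0;
}

/* Constructed sample: minimal Ethernet/IPv4/TCP frame carrying `data`. */
size_t build_sample_frame(unsigned char *buf, size_t cap, const char *data)
{
    size_t dlen = strlen(data), len = 14 + 20 + 20 + dlen;
    if (len > cap) return 0;
    memset(buf, 0, len);
    buf[12] = 0x08; buf[13] = 0x00;  /* EtherType IPv4 */
    buf[14] = 0x45;                  /* version 4, IHL 5 (20 bytes) */
    buf[14 + 9] = 6;                 /* protocol TCP */
    buf[34 + 12] = 0x50;             /* TCP data offset 5 (20 bytes) */
    memcpy(buf + 54, data, dlen);
    return len;
}

int main(void)
{
    unsigned char frame[128];
    size_t n = build_sample_frame(frame, sizeof frame, "User-Agent: Kazaa\r\n");
    printf("match=%d\n", tcp_payload_contains(frame, n, "Kazaa"));
    return 0;
}
```

A per-packet search like this misses a string that is split across two TCP segments or IP fragments, and it only sees what the snapshot length captured.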
