Re: libpcap

From: Lev Walkin (vlm_at_netli.com)
Date: 08/04/03

  • Next message: Greg 'groggy' Lehey: "Re: Netgraph node, first steps in kernel land and a bloody crash dump"
    Date: Sun, 03 Aug 2003 21:20:02 -0700
    To: Andrew Konstantinov <andrei@andruxa.sytes.net>
    
    

    Andrew Konstantinov wrote:
    > Hello,
    >
    > I am writing a program which takes advantage of libpcap but I've run into
    > several problems with it: 1) Is there any way I can specify in the
    > filter description that it should match only incoming packets on some
    > interface? inbound/outbound keywords work only for 'slip' (according to
    > tcpdump man page). I could do that with 'not src host' and then put the
    > local hostname after that, but is there a more general solution, without
    > the need for local hostname or ip address?

    No, there isn't. Please study the bpf manual page to find out what
    capabilities libpcap could export to its user, because libpcap uses
    the bpf device on FreeBSD.

    > 2) I can't figure out how to
    > set up a filter so it could match several ports at once. For example, I
    > want the filter to only match 21-25 and 113 ports for incoming traffic.
    > How do I do that? Right now I can see only two solutions. I could simply
    > sniff all the traffic, and then filter out the interesting ports by
    > myself, or I could set up several filters each of which would be
    > responsible for a specific port. But both solutions seem to be
    > inefficient. Is there a better way to accomplish this? Any help will be
    > greatly appreciated.

    "port 21 or ... or port 25 or port 113"

    -- 
    Lev Walkin
    vlm@netli.com
    _______________________________________________
    freebsd-hackers@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
    To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
    
