Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Libpcap: Set a filter. (C)
Top Forums Programming Libpcap: Set a filter. (C) Post 302321923 by Dedalus on Tuesday 2nd of June 2009 11:08:48 AM
Old 06-02-2009
Libpcap: Set a filter. (C)
Hi

I'm reading about the libpcap documentation. I see that with the function:

pcap_setfilter ( pcap_t *p, struct bpf_program *fp)

we can choose to take one packet instead another.
I read that the struct bpf_program allow us to create a packet filter , ....so if I want just sample some pkts at a given rate, for example I'd like to take 1 packet every 10 (no matter which sourc or dest), have I to set in the right way the struct bpf_program?
Or is there another way?


thx in advance

Dedalus.
 

8 More Discussions You Might Find Interesting

1. Programming

Extract payload with libpcap

hi! :) im having a problem while extracting payload from a tcp packet that is captured with libpcap. this is what ive got so far: const struct ethernet_header *ethernet; const struct ip_header *ip; const struct tcp_header *tcp; const char *payload; u_int size_ip; ... (0 Replies)
Discussion started by: shuwo
0 Replies

2. Programming

using libpcap with timeout

I want to write a small application using Libpcap in C on Linux. Currently, it starts to sniff and waits for the packets. But that's not what I need actually. I want it to wait for N seconds and then stop listening. (I think there's something wrong with my usage of 'pcap_open_live'...) How... (0 Replies)
Discussion started by: xyzt
0 Replies

3. Shell Programming and Scripting

How set filter netstat -an | grep -P '\:'38''

Hi, I can write sh script for Linux platform I run: netstat -an | grep -P '\:'38''| grep ESTABLISHED but result: # netstat -an | grep -P '\:'38''| grep ESTABLISHED tcp 0 0 172.16.1.107:383 172.16.1.81:49981 ESTABLISHED tcp 0 0... (8 Replies)
Discussion started by: ostapv
8 Replies

4. Shell Programming and Scripting

Filter a .kml file (xml) with data set from text file

I have a .kml file. So I want filter the .kml to get only the tags that have this numeric codes that they are in a text file 11951 11952 74014 11964 11965 11969 11970 11971 11972 60149 74018 74023 86378 11976 11980 11983 11984 11987 (5 Replies)
Discussion started by: pcoj33
5 Replies

5. UNIX for Dummies Questions & Answers

Command line / script option to filter a data set by values of one column

Hi all! I have a data set in this tab separated format : Label, Value1, Value2 An instance is "data.txt" : 0 1 1 -1 2 3 0 2 2 I would like to parse this data set and generate two files, one that has only data with the label 0 and the other with label -1, so my outputs should be, for... (1 Reply)
Discussion started by: gnat01
1 Replies

6. Shell Programming and Scripting

awk script to filter the numbers which are around the set value

Hi All, I have one sensor output(over the same) for a set value of 20. Time(in Sec), Data 1, 16 2, 20 3, 24 4, 22 5, 21 6, 20 7, 19.5 8, 20 9, 20.5 10, 20 11, 20 12, 19.5 Here we can see like after 5 sec of time the data value reaches to 20+-0.5 range. So I... (7 Replies)
Discussion started by: ks_reddy
7 Replies

7. Shell Programming and Scripting

awk : Filter a set of data to parse header line and last field of multiple same match.

Hi Experts, I have a data with multiple entry , I want to filter PKG= & the last column "00060110" or "00088150" in the output file: ############################################################################################### PKG= P8SDB :: VGS = vgP8SOra vgP8SDB1 vgP8S001... (5 Replies)
Discussion started by: rveri
5 Replies

8. UNIX for Beginners Questions & Answers

Need to filter the result set within 2 time frame

my sample file is like this $cat onefile 05/21/18 13:10:07 ABRT US1CPDAY Status 1 05/21/18 21:18:54 ABRT DailyBackup_VFFPRDAPENTL01 Status 6 05/21/18 21:26:24 ABRT DailyBackup_VFFPRDAPENTL02 Status 6 05/21/18 21:57:36 ABRT DailyBackup_vm-ea1ffpreng01 Status 6... (7 Replies)
Discussion started by: gotamp
7 Replies

LEARN ABOUT V7

pcap_compile

PCAP_COMPILE(3PCAP)													       PCAP_COMPILE(3PCAP)

NAME

       pcap_compile - compile a filter expression

SYNOPSIS

       #include <pcap/pcap.h>

       int pcap_compile(pcap_t *p, struct bpf_program *fp,
	       const char *str, int optimize, bpf_u_int32 netmask);

DESCRIPTION

       pcap_compile()  is  used  to compile the string str into a filter program.  See pcap-filter(7) for the syntax of that string.  program is a
       pointer to a bpf_program struct and is filled in by pcap_compile().  optimize controls whether optimization on the resulting code  is  per-
       formed.	 netmask  specifies  the  IPv4	netmask of the network on which packets are being captured; it is used only when checking for IPv4
       broadcast addresses in the filter program.  If the netmask of the network on which packets are being captured isn't known to  the  program,
       or  if  packets	are  being  captured  on  the Linux "any" pseudo-interface that can capture on more than one network, a value of PCAP_NET-
       MASK_UNKNOWN can be supplied; tests for IPv4 broadcast addresses will fail to compile, but all other tests in the filter  program  will	be
       OK.

RETURN VALUE

       pcap_compile()  returns 0 on success and -1 on failure.	If -1 is returned, pcap_geterr() or pcap_perror() may be called with p as an argu-
       ment to fetch or display the error text.

SEE ALSO

       pcap(3PCAP), pcap_setfilter(3PCAP), pcap_freecode(3PCAP), pcap_geterr(3PCAP), pcap-filter(7)

								   5 April 2008 					       PCAP_COMPILE(3PCAP)
All times are GMT -4. The time now is 01:43 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy