Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Berkley Packet Filter
Special Forums IP Networking Berkley Packet Filter Post 302855121 by ati on Thursday 19th of September 2013 05:19:27 AM
Old 09-19-2013
Berkley Packet Filter
Hi Folks!

Im trying to write a packet capture filter on a opnet device. The syntax there to write this filter is BPF.

What I wanna do is to capture everything, but from a certain ip-range I just wanna capture the header and not the payload. For your understanding: We are writing our backup to the databases during the night. So I dont want to capture all the payload of this backup I just want to capture the header-data.

So, I've read a lot about BPF and it's pretty cool. Comparing to a programming language you can specify a lot of "if"s. Like "if ip[0] = 9" and so on. But is it possible to specify a "then" clause? So: "IF this packet belongs to the backup stream, THEN just capture the header data".

Thanks a lot for your help
ati
 

6 More Discussions You Might Find Interesting

1. IP Networking

Seeing IP packet

Hi, Is there any way that i can directly take out the IP packet and see its contents. Waiting for your answer .............. Bye (4 Replies)
Discussion started by: manjunath
4 Replies

2. UNIX for Advanced & Expert Users

Need information about System V & Berkley Syntax for Unix

Hi, Can somebody give me some information on System V & Berkley's Unix formats. Any link will be helpful. thanks (6 Replies)
Discussion started by: vibhor_agarwali
6 Replies

3. Programming

Berkley Packet Filter Question

Hi, Is there any simple way to stop a bpf device from seeing frames that it sent? An ioctl call perhaps? Any advice would be helpful (0 Replies)
Discussion started by: edwarky
0 Replies

4. Cybersecurity

filter packet

Exercise: Protection of WEB and DNS servers using the context-free rules for packet filtering: - Protect your WEB-server, so that would be for him can be accessed by browsers, and could go to dns. - Protect your primary DNS-server so that it could be to contact clients and secondary servers.... (1 Reply)
Discussion started by: numeracy
1 Replies

5. Homework & Coursework Questions

filter packet

Exercise: Protection of WEB and DNS servers using the context-free rules for packet filtering: - Protect your WEB-server, so that would be for him can be accessed by browsers, and could go to dns. - Protect your primary DNS-server so that it could be to contact clients and secondary servers.... (1 Reply)
Discussion started by: numeracy
1 Replies

6. AIX

Packet loss coming with big packet size ping

(5 Replies)
Discussion started by: Vishal_dba
5 Replies

LEARN ABOUT PLAN9

pcap_set_tstamp_type

PCAP_SET_TSTAMP_TYPE(3PCAP)											       PCAP_SET_TSTAMP_TYPE(3PCAP)

NAME

       pcap_set_tstamp_type - set the time stamp type to be used by a capture device

SYNOPSIS

       #include <pcap/pcap.h>

       int pcap_set_tstamp_type(pcap_t *p, int tstamp_type);

DESCRIPTION

       pcap_set_tstamp_type()  sets  the  the  type  of  time  stamp  desired for packets captured on the pcap descriptor to the type specified by
       tstamp_type.  It must be called on a pcap descriptor created  by  pcap_create()	that  has  not	yet  been  activated  by  pcap_activate().
       pcap_list_tstamp_types()  will  give  a list of the time stamp types supported by a given capture device.  See pcap-tstamp(7) for a list of
       all the time stamp types.

RETURN VALUE

       pcap_set_tstamp_type() returns 0 on success if the specified time stamp type is expected to be supported by the capture device,	PCAP_WARN-
       ING_TSTAMP_TYPE_NOTSUP  on  success if the specified time stamp type is not supported by the capture device, PCAP_ERROR_ACTIVATED if called
       on a capture handle that has been activated, and PCAP_ERROR_CANTSET_TSTAMP_TYPE if the capture device  doesn't  support	setting  the  time
       stamp type.

SEE ALSO

       pcap(3PCAP), pcap_list_tstamp_types(3PCAP), pcap_tstamp_type_name_to_val(3PCAP), pcap-tstamp(7)

								  21 August 2010				       PCAP_SET_TSTAMP_TYPE(3PCAP)
All times are GMT -4. The time now is 09:13 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy