09-19-2013
Berkeley Packet Filter
Hi Folks!
I'm trying to write a packet capture filter on an OPNET device. The syntax there to write this filter is BPF.
What I wanna do is to capture everything, but from a certain ip-range I just wanna capture the header and not the payload. For your understanding: We are writing our backup to the databases during the night. So I don't want to capture all the payload of this backup, I just want to capture the header-data.
So, I've read a lot about BPF and it's pretty cool. Compared to a programming language you can specify a lot of "if"s. Like "if ip[0] = 9" and so on. But is it possible to specify a "then" clause? So: "IF this packet belongs to the backup stream, THEN just capture the header data".
Thanks a lot for your help
ati
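The following is an added example, not part of the original post. In classic BPF the value a filter program returns is the number of bytes of the packet to keep (0 drops it), so the "THEN" asked about above can be written as a per-branch `ret`; the sketch below interprets such a program over constructed frames. Assumptions: the capture device accepts a raw classic BPF program rather than only a filter expression, the backup range is the hypothetical 10.20.30.0/24, and 54 bytes covers the headers (Ethernet, IPv4 and TCP without options).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
/* Classic BPF opcode values (as in <net/bpf.h> and `tcpdump -dd` output). */
enum { LD_W_ABS = 0x20, LD_H_ABS = 0x28, AND_K = 0x54, JEQ_K = 0x15, RET_K = 0x06 };
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };
#define HDR_ONLY 54u    /* assumption: Ethernet 14 + IPv4 20 + TCP 20, no options */
#define FULL     65535u /* keep the whole packet */
/* Constructed filter; 10.20.30.0/24 is a hypothetical backup source range. */
static const struct insn prog[] = {
    { LD_H_ABS, 0, 0, 12 },          /* A = EtherType                      */
    { JEQ_K,    0, 4, 0x0800 },      /* not IPv4 -> skip to "ret FULL"     */
    { LD_W_ABS, 0, 0, 26 },          /* A = IPv4 source address            */
    { AND_K,    0, 0, 0xffffff00 },  /* apply the /24 mask                 */
    { JEQ_K,    0, 1, 0x0a141e00 },  /* not in range -> skip to "ret FULL" */
    { RET_K,    0, 0, HDR_ONLY },    /* THEN: keep only the headers        */
    { RET_K,    0, 0, FULL },        /* ELSE: keep everything              */
};
/* Minimal interpreter for the five opcodes above; returns bytes to capture. */
static uint32_t bpf_run(const struct insn *p, size_t n, const uint8_t *pkt, uint32_t len) {
    uint32_t A = 0;
    for (size_t pc = 0; pc < n; pc++) {
        uint32_t k = p[pc].k;
        switch (p[pc].code) {
        case LD_H_ABS: if (len < 2 || k > len - 2) return 0; /* load past end: drop */
                       A = ((uint32_t)pkt[k] << 8) | pkt[k + 1]; break;
        case LD_W_ABS: if (len < 4 || k > len - 4) return 0;
                       A = ((uint32_t)pkt[k] << 24) | ((uint32_t)pkt[k + 1] << 16) |
                           ((uint32_t)pkt[k + 2] << 8) | pkt[k + 3]; break;
        case AND_K:    A &= k; break;
        case JEQ_K:    pc += (A == k) ? p[pc].jt : p[pc].jf; break;
        case RET_K:    return k < len ? k : len; /* capped at the packet length */
        default:       return 0;
        }
    }
    return 0;
}
/* Builds a constructed frame of wire_len bytes and returns its capture length. */
static uint32_t caplen_for(uint16_t ethertype, uint32_t src_ip, uint32_t wire_len) {
    static uint8_t f[1514];
    if (wire_len > sizeof f) return 0;
    f[12] = (uint8_t)(ethertype >> 8); f[13] = (uint8_t)(ethertype & 0xff);
    for (int i = 0; i < 4; i++) f[26 + i] = (uint8_t)(src_ip >> (24 - 8 * i));
    return bpf_run(prog, sizeof prog / sizeof prog[0], f, wire_len);
}
int main(void) {
    printf("backup: %u, other: %u\n", (unsigned)caplen_for(0x0800, 0x0a141e07, 1514), (unsigned)caplen_for(0x0800, 0xc0a80105, 1514));
    return 0;
}
```

The filter matches on source address only; traffic sent to the backup range would need a second comparison on the destination field at offset 30.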
pcap_set_tstamp_type
PCAP_SET_TSTAMP_TYPE(3PCAP) PCAP_SET_TSTAMP_TYPE(3PCAP)
NAME
pcap_set_tstamp_type - set the time stamp type to be used by a capture device
SYNOPSIS
#include <pcap/pcap.h>
int pcap_set_tstamp_type(pcap_t *p, int tstamp_type);
DESCRIPTION
pcap_set_tstamp_type() sets the type of time stamp desired for packets captured on the pcap descriptor to the type specified by
tstamp_type. It must be called on a pcap descriptor created by pcap_create() that has not yet been activated by pcap_activate().
pcap_list_tstamp_types() will give a list of the time stamp types supported by a given capture device. See pcap-tstamp(7) for a list of
all the time stamp types.
RETURN VALUE
pcap_set_tstamp_type() returns 0 on success if the specified time stamp type is expected to be supported by the capture device,
PCAP_WARNING_TSTAMP_TYPE_NOTSUP on success if the specified time stamp type is not supported by the capture device,
PCAP_ERROR_ACTIVATED if called on a capture handle that has been activated, and PCAP_ERROR_CANTSET_TSTAMP_TYPE if the capture
device doesn't support setting the time stamp type.
SEE ALSO
pcap(3PCAP), pcap_list_tstamp_types(3PCAP), pcap_tstamp_type_name_to_val(3PCAP), pcap-tstamp(7)
21 August 2010 PCAP_SET_TSTAMP_TYPE(3PCAP)