PCAP_SETFILTER(3PCAP)PCAP_SETFILTER(3PCAP)NAME
pcap_setfilter - set the filter
SYNOPSIS
#include <pcap/pcap.h>
int pcap_setfilter(pcap_t *p, struct bpf_program *fp);
DESCRIPTION
pcap_setfilter() is used to specify a filter program. fp is a pointer to a bpf_program struct, usually the result of a call to pcap_com-
pile().
RETURN VALUE
pcap_setfilter() returns 0 on success and -1 on failure. If -1 is returned, pcap_geterr() or pcap_perror() may be called with p as an
argument to fetch or display the error text.
SEE ALSO pcap(3PCAP), pcap_compile(3PCAP), pcap_geterr(3PCAP)
5 April 2008 PCAP_SETFILTER(3PCAP)
Check Out this Related Man Page
PCAP_COMPILE(3PCAP)PCAP_COMPILE(3PCAP)NAME
pcap_compile - compile a filter expression
SYNOPSIS
#include <pcap/pcap.h>
int pcap_compile(pcap_t *p, struct bpf_program *fp,
const char *str, int optimize, bpf_u_int32 netmask);
DESCRIPTION
pcap_compile() is used to compile the string str into a filter program. See pcap-filter(7) for the syntax of that string. program is a
pointer to a bpf_program struct and is filled in by pcap_compile(). optimize controls whether optimization on the resulting code is per-
formed. netmask specifies the IPv4 netmask of the network on which packets are being captured; it is used only when checking for IPv4
broadcast addresses in the filter program. If the netmask of the network on which packets are being captured isn't known to the program,
or if packets are being captured on the Linux "any" pseudo-interface that can capture on more than one network, a value of PCAP_NET-
MASK_UNKNOWN can be supplied; tests for IPv4 broadcast addresses will fail to compile, but all other tests in the filter program will be
OK.
RETURN VALUE
pcap_compile() returns 0 on success and -1 on failure. If -1 is returned, pcap_geterr() or pcap_perror() may be called with p as an argu-
ment to fetch or display the error text.
SEE ALSO pcap(3PCAP), pcap_setfilter(3PCAP), pcap_freecode(3PCAP), pcap_geterr(3PCAP), pcap-filter(7)
5 April 2008 PCAP_COMPILE(3PCAP)
hi
plz help me modifying the following code (use pcap) to include concepts of parallel programming or multi threading. I am trying from the past 1 week to change the code and apply concepts of threads but have been unsuccessful.. pls guide me..
/* This section contains additional information... (1 Reply)
HI
For the past 1 week i have been trying to include the concepts of parallel programming or thread in the sniffex.c code. Haven't been able to..
Please suggest sm appropriate modifications to the following code:
/*
* sniffex.c
*
* Sniffer example of TCP/IP packet capture using... (1 Reply)
Hi
I'm reading about the libpcap documentation. I see that with the function:
pcap_setfilter ( pcap_t *p, struct bpf_program *fp)
we can choose to take one packet instead another.
I read that the struct bpf_program allow us to create a packet filter , ....so if I want just sample some... (2 Replies)
I want to write a small application using Libpcap in C on Linux.
Currently, it starts to sniff and waits for the packets. But that's not what I need actually. I want it to wait for N seconds and then stop listening. (I think there's something wrong with my usage of 'pcap_open_live'...)
How... (0 Replies)
Hi all
My application is a monitoring application that monitors the incoming udp packet when ever required. When ever a particular source ip and port and dest ip and port is provided the filter will be framed based them. For eg,
char filterExpr;
filterExpr = "udp and src host 192.168.16.100... (0 Replies)