>For the same parameters tcpdump gives different bpf progs!
>versions of libpcap are different (see below).

This is not surprising, since it's libpcap that generates the bpf program given the tcpdump command line. Your libpcap 0.4 is IPv4-only, but your libpcap 0.6 knows about IPv6 also (see it checking for ethertype 0x86dd?)

>what's more interesting that if I run program
>generated on first machine, on another one, it doesn't work!

If it's running on the same hardware with the same capture options and the same version of libpcap, this is surprising. If any of those variables changed, it's not surprising.

It's best to use libpcap on the machine you're doing the capture on, binding it to the interface that you're using to capture, to compile an expression at runtime. The output of "tcpdump -dd" has fairly limited utility.

Bill
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
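One way a program dumped with "tcpdump -dd" stops matching on another machine, as an added example that is not part of the original message and not libpcap's code: a minimal classic-BPF interpreter (hypothetical `bpf_run`, three opcodes only) runs an Ethernet-compiled "ip" filter over the same IPv4 packet with and without an Ethernet header. It assumes the difference in "hardware" is the link-layer type; the instruction rows, the snap length of 96 and the packet bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Same field order as a row of "tcpdump -dd" output: { code, jt, jf, k } */
struct insn { uint16_t code; uint8_t jt, jf; uint32_t k; };

/* Constructed sample: the filter "ip" as compiled for an Ethernet link layer.
 * It tests the 16-bit ethertype, which sits at offset 12 of an Ethernet frame. */
static const struct insn ip_on_ethernet[] = {
    { 0x28, 0, 0, 0x0000000c },  /* ldh [12]                        */
    { 0x15, 0, 1, 0x00000800 },  /* jeq #0x800: fall through / skip */
    { 0x06, 0, 0, 0x00000060 },  /* ret #96  (accept, snap length)  */
    { 0x06, 0, 0, 0x00000000 },  /* ret #0   (reject)               */
};

/* Minimal classic-BPF interpreter covering only the opcodes used above.
 * Returns the number of bytes to keep; 0 means the packet is dropped. */
uint32_t bpf_run(const struct insn *prog, size_t n, const uint8_t *pkt, size_t len)
{
    uint32_t a = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct insn *i = &prog[pc];
        switch (i->code) {
        case 0x28:                                 /* A = halfword at pkt[k] */
            if ((size_t)i->k + 2 > len) return 0;  /* out of bounds: reject  */
            a = ((uint32_t)pkt[i->k] << 8) | pkt[i->k + 1];
            break;
        case 0x15:                                 /* jump on A == k */
            pc += (a == i->k) ? i->jt : i->jf;
            break;
        case 0x06: return i->k;                    /* return constant */
        default:   return 0;                       /* unsupported opcode: reject */
        }
    }
    return 0;
}

/* The same constructed IPv4 header, behind an Ethernet header and as raw IP. */
static const uint8_t eth_frame[] = {
    0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00,  /* dst, src, ethertype */
    0x45,0,0,0x14, 0,0,0,0, 0x40,0x06,0,0, 10,0,0,1, 10,0,0,2 };
static const uint8_t raw_ip[] = {
    0x45,0,0,0x14, 0,0,0,0, 0x40,0x06,0,0, 10,0,0,1, 10,0,0,2 };

uint32_t run_on_ethernet(void) { return bpf_run(ip_on_ethernet, 4, eth_frame, sizeof eth_frame); }
uint32_t run_on_raw_ip(void)   { return bpf_run(ip_on_ethernet, 4, raw_ip, sizeof raw_ip); }

int main(void) {
    printf("ethernet: %u  raw ip: %u\n", (unsigned)run_on_ethernet(), (unsigned)run_on_raw_ip());
    return 0;
}
```

On the raw-IP buffer, offset 12 lands inside the source address rather than on an ethertype, so the reused program silently drops a packet that an expression compiled for that link type would accept.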