Hello,
I have a pcap based app that takes input from stdin. I need to pass
the output directly to stdout for another program to handle. This is straight
forward. No problem.
In addition I need to write to file a filtered selection of the packets
taken from stdin. ie I want to apply a filter to the feed from stdin
and write matches to my file.
ie:
tcpdump -i eth0 -w - | myapp -r - -w - -o filterPkts.bin | someotherappp
the program myapp is described above. Its part of a chain (pipe) that
is fed by tcpdump.
The problem I have is that although I can write to file filterPkts.bin
and stdout simultaneously, I cannot find a way to write *all* packets to
stdout *AND* write a filtered selection to the file filterPkts.bin
I can decode the packets and do my own filter, but I would like to use the
pcap filter system.
ie I want to apply a BPF filter only to the packets I write to file and
not to the packets written to stdout.
pcap_setfilter(handle, &filter) can only be applied to a source and not
a destination.
Any suggestion on how I can achieve my 'filtered-tee' functionality?
--
__o _~o __o
`\<, `\<, `\<,
______________________________________(*)/_(*)__(*)/_(*)__(*)/_(*)________
Im a 21st Century Digital Boy ... I aint got a life, but I got lotsa toys.
******************* Joe Elliott [EMAIL PROTECTED] ********************
Phone:(650)961-6631 Cell:(650)714-3932 Inetd.Com http://inetd.com
--------------------------------------------------------------------------
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
