Hello,
I am writing a program which takes advantage of libpcap but I've run into several problems with it: 1) Is there any way how I can specify in the filter description that it should match only incoming packets on some interface? inbound/outbound keywords work only for 'slip' (according to tcpdump man page). I could do that with 'not src host' and then put the local hostname after that, but is there a more general solution, without the need for local hostname or ip address?
No, there isn't. Please study the bpf manual page to find out what capabilities libpcap could export to its user, because libpcap uses bpf device on FreeBSD.
2) I can't figure out how to setup a filter so it could match several ports at once. For example, I want the filter to only match 21-25 and 113 ports for incoming traffic. How do I do that? Right know I can see only two solutions. I could simply sniff all the traffic, and then filter out the interesting ports by myself, or I could setup several filters each of which would be responsible for a specific port. But both solutions seem to be inefficient. Is there a better way to accomplish this? Any help will be greatly appriciated.
"port 21 or ... or port 25 or port 113"
-- Lev Walkin [EMAIL PROTECTED]
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
