> I am searching the internet for a good bpf filter
> howto/tutorial/documentation/book but can't seem to find anything useful.
> So I turn to you guys for advice, anybody has a good link?
There are a few good writeups on the BPF, but I suspect that's not what you want. You're probably looking for instructions on writing BPF filter rules, which is usually not done directly, but through an "interpreter/compiler". Typically, the syntax used for tcpdump is used by most other applications I run that also use BPFs (like LaBrea), and you wind up with statements like:

    host 1.2.3.4 and not tcp port 22

So you probably want a tcpdump HOWTO, rather than a BPF howto... at the very least, the tcpdump man pages have pretty good explanations of the syntax.

You can also use tcpdump to examine BPF rules that get compiled... use the -d, -dd, and/or -ddd switches to have tcpdump spit out the BPF ruleset created, rather than actually run (i.e. bpf compiler mode).

HTH,

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
https://lists.sourceforge.net/lists/listinfo/leaf-user
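
To show what "compiled" means for the filter quoted in the message above, here is that expression hand-assembled into a classic BPF program and run by a small interpreter over constructed frames. This is an added example, not part of the original message and not output from tcpdump -d; the mnemonic names, PROG, run_filter and frame are assumptions, and only Ethernet + IPv4 is handled.

```python
import socket
import struct

SNAPLEN = 262144          # any nonzero return value means "capture this many bytes"
ACCEPT, DROP = 15, 16     # indexes of the two ret instructions below

# Hand-assembled for Ethernet + IPv4 only. Jump targets are absolute indexes here;
# the kernel's encoding stores them as offsets relative to the next instruction.
PROG = [
    ("ldh", 12), ("jeq", 0x0800, 2, DROP),        # 0-1   EtherType must be IPv4
    ("ld", 26), ("jeq", 0x01020304, 6, 4),        # 2-3   source address 1.2.3.4?
    ("ld", 30), ("jeq", 0x01020304, 6, DROP),     # 4-5   else destination 1.2.3.4?
    ("ldb", 23), ("jeq", 6, 8, ACCEPT),           # 6-7   not TCP: keep
    ("ldh", 20), ("jset", 0x1FFF, ACCEPT, 10),    # 8-9   later fragment, no ports: keep
    ("ldxb_msh", 14),                             # 10    X = IPv4 header length
    ("ldh_ind", 14), ("jeq", 22, DROP, 13),       # 11-12 source port 22: drop
    ("ldh_ind", 16), ("jeq", 22, DROP, ACCEPT),   # 13-14 destination port 22: drop
    ("ret", SNAPLEN), ("ret", 0),                 # 15-16 accept / drop
]

WIDTH = {"ldb": 1, "ldh": 2, "ld": 4, "ldh_ind": 2}   # bytes read by each load

def run_filter(prog, pkt):
    """Return the capture length for pkt; 0 means the packet is dropped."""
    a = x = pc = 0
    while True:
        op, k, *targets = prog[pc]
        pc += 1
        if op == "ret":
            return k
        if op == "ldxb_msh":
            if k >= len(pkt):
                return 0
            x = 4 * (pkt[k] & 0x0F)
        elif op in WIDTH:
            off = k + (x if op == "ldh_ind" else 0)
            if off + WIDTH[op] > len(pkt):
                return 0                  # out-of-bounds load rejects the packet
            a = int.from_bytes(pkt[off:off + WIDTH[op]], "big")
        else:                             # jeq / jset
            hit = (a == k) if op == "jeq" else bool(a & k)
            pc = targets[0] if hit else targets[1]

def frame(src, dst, proto, sport, dport):
    """Constructed test frame: Ethernet + 20-byte IPv4 header + ports + padding."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + bytes(16)
```

The frame truncated before the TCP ports is dropped because a load past the end of the packet ends the program with 0, which is how classic BPF treats out-of-bounds reads.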
