For tcpdump, it should be: sudo tcpdump -i nic_name udp and \( \( host host1 and port port1 \) or \( host host2 and port port2 \) \)
In the code, both of formats failed. Since I use C++, the above string would be changed to "udp and \\( \\( host host1 and port port1 \\) or \\( host host2 and port port2 \\) \\)". Besides, once I change the filter string to be "udp", I CAN get all the data through the callback function. So, the problem is about filter string, not about my code. Best, Thomas -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Guy Harris Sent: Thursday, July 22, 2004 1:15 PM To: [EMAIL PROTECTED] Subject: Re: [tcpdump-workers] how pcap filter string works? On Jul 22, 2004, at 1:13 PM, Hu Thomas Pan wrote: > Still not work. No data comes into my callback function. But tcpdump, with the same filter, shows packets? We'd have to see the source to your program to figure out what the problem is. - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe. - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
