--- Begin Message ---

I would like to use tcpdump and libpcap to filter and examine
batman-adv packets. batman-adv is a mesh routing protocol which
encapsulates layer 2 ethernet frames.

I know my way to identify batman-adv packets via raw ether filters.
What I would like to additionally do is filtering by fields of the
inner ethernet header.

I saw in the manpage that for various keys the decoding offset is
modified for the remainder of the expression.

My question is, is there a way to specify a custom decoding offset
for an encapsulating protocol that is not known by libpcap yet,
like batman-adv?

Or would I need to add batman-adv support to libpcap?

Regards, Linus

PS: The closest I found online so far is this:


Which suggests something like:

$ tcpdump -i eth0 -w - | editcap -C 82 - - | tcpdump -r -

However, ideally I would like to use a custom offset in a project
based on libpcap:


Where the tcpdump/editcap approach would currently not work.

So some native, custom decoding offset support for a filter
expression would be great.

--- End Message ---
tcpdump-workers mailing list

Reply via email to