Alain Tombarel wrote:
> I would like to know if it is possible to filter with PCAP on a range of
> ports by using "pcap_compile" function.
>
> I tried several filter expressions but each one was rejected by the
> function :
>
> Examples of expressions I tried :
>
> "ip and (port >= 1000 and port <= 2000)"
> "ip and (port 1000 >= port 2000)"

Alain,

I have no problem compiling the first expression. What version of tcpdump/libpcap are you using?

Be cautious with the relative operators. In a recent discussion it became apparent that the BPF code generation for relative operators has some bugs, and you may not get what you expect.

-- 
Jefferson Ogata <[EMAIL PROTECTED]>
NOAA Computer Incident Response Team (N-CIRT) <[EMAIL PROTECTED]>
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
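
Added example, not part of the thread: one way to confirm what a port-range filter really accepts is to run its BPF program over constructed packets at the edges of the range. The interpreter covers only the opcodes the sample needs and assumes Ethernet framing; `SAMPLE` is hand-assembled in the `tcpdump -ddd` layout rather than real tcpdump output, and `parse_ddd`, `run_bpf`, `frame` and `boundary_report` are names made up for this sketch.

```python
import struct

# Constructed sample in `tcpdump -ddd` layout (count, then "code jt jf k" per
# instruction), hand-assembled for this example, wrapped four per line.
# Intent: Ethernet/IPv4, TCP or UDP, unfragmented, src or dst port in 1000..2000.
SAMPLE = """16
40 0 0 12    21 0 13 2048   48 0 0 23    21 1 0 6
21 0 10 17   40 0 0 20      69 8 0 8191  177 0 0 14
72 0 0 14    53 0 1 1000    37 0 3 2000  72 0 0 16
53 0 2 1000  37 1 0 2000    6 0 0 65535  6 0 0 0"""

def parse_ddd(text):
    """Turn -ddd style decimal output into a list of (code, jt, jf, k)."""
    nums = [int(tok) for tok in text.split()]
    if len(nums) != 1 + 4 * nums[0]:
        raise ValueError("instruction count does not match header")
    return [tuple(nums[i:i + 4]) for i in range(1, len(nums), 4)]

def run_bpf(prog, pkt):
    """Interpret the classic BPF subset used above; 0 means drop."""
    a = x = pc = 0
    try:
        while True:
            code, jt, jf, k = prog[pc]
            pc += 1
            if code == 0x28: a = struct.unpack_from("!H", pkt, k)[0]        # ldh [k]
            elif code == 0x30: a = pkt[k]                                   # ldb [k]
            elif code == 0x48: a = struct.unpack_from("!H", pkt, x + k)[0]  # ldh [x+k]
            elif code == 0xb1: x = 4 * (pkt[k] & 0x0f)                      # ldxb 4*([k]&0xf)
            elif code == 0x15: pc += jt if a == k else jf                   # jeq
            elif code == 0x25: pc += jt if a > k else jf                    # jgt
            elif code == 0x35: pc += jt if a >= k else jf                   # jge
            elif code == 0x45: pc += jt if a & k else jf                    # jset
            elif code == 0x06: return k                                     # ret #k
            else: raise ValueError(f"unsupported opcode {code:#x}")
    except (IndexError, struct.error):
        return 0  # load past the end of the packet (or of the program): drop

def frame(sport, dport, proto=17):
    """Constructed Ethernet + 20-byte IPv4 header + first 8 bytes of TCP/UDP."""
    ip = bytes([0x45, 0]) + struct.pack("!HHHBBH", 28, 0, 0, 64, proto, 0) + bytes(8)
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)

def boundary_report(prog, lo, hi):
    """Accept/drop decision for destination ports on both edges of [lo, hi]."""
    return {p: run_bpf(prog, frame(40000, p)) != 0 for p in (lo - 1, lo, hi, hi + 1)}

if __name__ == "__main__":
    print(boundary_report(parse_ddd(SAMPLE), 1000, 2000))
```

Replacing `SAMPLE` with the `-ddd` output for your own expression shows whether the generated code agrees with the range you meant; any opcode outside the subset raises `ValueError` instead of being silently skipped.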
