Greetings, I am trying to use the pcap library to write my own sniffer and I am having some difficulties with the filters. I've got a particular filter that I've used in the tcpdump command line with no problems, but when I pass that same filter string to the pcap_compile() function, I get an error. Isn't the format the same? The filter expression contains several differnet parameters.
using tcpdump with this command line works just fine: tcpdump -i hme1 -X -s 1550 port 5190 and 'tcp[20:2] = 10754' and '(tcp[26:4] = 0x00040007 or tcp[26:4] = 0x00040006)' using my own routing with the pcap_compile() function returns an error. char filter[] = "port 5190 and 'tcp[20:2] = 10754' and '(tcp[26:4] = 0x00040007 or tcp[26:4] = 0x00040006)'" - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
