I am using an up-to-date-as-of-today snapshot of tcpdump 3.6 on my
network. I was trying to dump and filter packets on my Internet
interface which is PPPoE. After I could not get any filters other than
ethernet filters to work it hit me like a ton of bricks.
libpcap cannot compile working filter code (i.e. ip src host a.b.c.d) if
there are additional layers between the mac layer and ip layer (as is
the case of PPPoE) because it's offset values into higher level
protocols are hardcoded.
I am not sure what can be done about it though? Should libpcap read
some packets, adjust it's filtering offsets, and throw the read packets
away until it has figured out what layers exist on a network?
Thots?
b.
--
Brian J. Murrell
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
