> Just want to confirm if the following set of calls is
> sufficient: 
> 
> pcap_open_offline()
> pcap_compile()
> pcap_setfilter()
> pcap_dispatch()

Other than using "pcap_loop()" rather than "pcap_dispatch()", that's
what tcpdump does.

> Since this is a trace file and not a live capture,
> what value should I use for the subnetmask argument
> required by pcap_compile?

0, just as tcpdump does on a capture file.  All that means is that
filter expressions that use the netmask, namely tests for broadcast IPv4
addresses, won't necessarily work (although I think they'll still match
255.255.255.255).
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
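
The netmask point in the reply above, as an added example (not part of the original message and not libpcap's own code): a small C model of a netmask-dependent broadcast test. It assumes a destination counts as broadcast when its host bits, the bits outside the netmask, are all ones or all zeros, and it treats addresses and masks as host-order integers; the names `ip4` and `is_ip_broadcast` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Build a host-order IPv4 address from its four octets. */
static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d)
{
    return ((uint32_t)a << 24) | ((uint32_t)b << 16) |
           ((uint32_t)c << 8) | (uint32_t)d;
}

/*
 * Assumed model of the broadcast test (not copied from libpcap):
 * the destination is broadcast when the bits outside the netmask
 * are all ones or all zeros.
 */
static int is_ip_broadcast(uint32_t dst, uint32_t netmask)
{
    uint32_t hostmask = ~netmask;
    uint32_t hostbits = dst & hostmask;

    return hostbits == hostmask || hostbits == 0;
}

int main(void)
{
    /* Constructed sample destinations, not taken from any real trace. */
    const uint32_t dsts[] = {
        ip4(255, 255, 255, 255),  /* limited broadcast */
        ip4(192, 168, 1, 255),    /* directed broadcast on a /24 */
        ip4(192, 168, 1, 10),     /* ordinary host */
    };
    const uint32_t mask24 = ip4(255, 255, 255, 0); /* netmask known */
    const uint32_t mask0 = 0;                      /* capture file case */
    size_t i;

    for (i = 0; i < sizeof dsts / sizeof dsts[0]; i++) {
        printf("%3u.%3u.%3u.%3u  /24 mask: %d  mask 0: %d\n",
               (unsigned)(dsts[i] >> 24), (unsigned)((dsts[i] >> 16) & 0xff),
               (unsigned)((dsts[i] >> 8) & 0xff), (unsigned)(dsts[i] & 0xff),
               is_ip_broadcast(dsts[i], mask24),
               is_ip_broadcast(dsts[i], mask0));
    }
    return 0;
}
```

With a netmask of 0 every bit is a host bit, so only 255.255.255.255 (and 0.0.0.0) pass the test, while a directed broadcast such as 192.168.1.255 passes only when the real /24 mask is supplied.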