On Apr 11, 2010, at 9:01 PM, Charles Bland wrote: > I want to filter packets I'm reading from an offline file. What throws me > is what do I do with the netmask argument? How does a offline file have a > netmask?
With libpcap files, it doesn't. With a pcap-ng file, it does, but only the latest shiniest version of libpcap supports reading pcap-ng files, and that version hasn't yet been made the basis of a WinPcap release. *HOWEVER*: The *only* way in which the netmask is used is by pcap_compile() is for the "broadcast" keyword if it's checking *IP* addresses rather than *MAC* addresses. If you don't care about checking for IP broadcast addresses in a filter, you can specify 0 or 0xffffffff as the netmask; if you *do* care, there's nothing you can do other than find out - from some source other than the capture file - what the netmask was for that network, and supply that. _______________________________________________ Winpcap-users mailing list [email protected] https://www.winpcap.org/mailman/listinfo/winpcap-users
