Hi.
The format of the filters is the one of libpcap/tcpdump/windump. You can find details at
http://windump.polito.it/docs/manual.htm (look at the "expression" paragraph).

Regarding the data in the packets, they are as they flow in the network. For example, on Ethernet, the first 14 bytes are the Ethernet header (MAC dst + MAC src + ethertype), then the IP header (or another level 3 protocol) and so on. For help on the protocol header formats, have a look at http://www.protocols.com/

GV

----- Original Message -----
From: "noil sg" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 24, 2002 2:56 AM
Subject: Re: [WinPcap-users] filter format

> I also like to know where I can find the data
> structure for the current packet. For example, what's
> inside the header, src IP port etc.
> I know it's built in the C code somewhere. But just
> want to read some documents about this.
> Help is greatly appreciated!
>
> --- Lei Liang <[EMAIL PROTECTED]> wrote:
> > Hi, folks,
> > I wondered what is the format of the pkt filter
> > for the winpcap.
> > Currently I use very simple format such as "ip",
> > "tcp" or "udp", but I
> > thought there may be some complicated format can add
> > destination and source
> > port number, isn't it? And are there any more
> > protocols can be filtered by
> > directly adding the protocol's name in the filter
> > expression? The third
> > question is if there is another method to filter RTP
> > packet except using
> > source and destination port number?
> > Thank you very much and any information is really
> > appreciated.
> > cheers,
> > lei
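
The frame layout described in the reply above (14-byte Ethernet header, then the IP header), as an added example that is not part of the original messages or of WinPcap's own code: a bounds-checked C parser that pulls the source/destination IP and port out of a captured buffer. The names `struct flow`, `parse_frame` and the sample frame (addresses, ports) are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ETH_HLEN 14             /* MAC dst (6) + MAC src (6) + ethertype (2) */
#define ETHERTYPE_IPV4 0x0800

struct flow {                   /* hypothetical result struct for this example */
    uint8_t  proto;             /* IP protocol number: 6 = TCP, 17 = UDP */
    uint8_t  src_ip[4], dst_ip[4];
    uint16_t src_port, dst_port;
};

/* Packet bytes are in network (big-endian) order, exactly as on the wire. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 if truncated, malformed or not IPv4 TCP/UDP.
 * caplen is the number of bytes actually captured (may be less than the frame). */
int parse_frame(const uint8_t *pkt, size_t caplen, struct flow *out) {
    if (caplen < ETH_HLEN + 20) return -1;            /* need a minimal IPv4 header */
    if (be16(pkt + 12) != ETHERTYPE_IPV4) return -1;  /* ethertype at offset 12 */
    const uint8_t *ip = pkt + ETH_HLEN;
    if ((ip[0] >> 4) != 4) return -1;                 /* IP version */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;          /* header length in bytes */
    if (ihl < 20 || caplen < ETH_HLEN + ihl + 4) return -1;
    if (be16(ip + 6) & 0x1fff) return -1;             /* later fragment: no L4 header */
    if (ip[9] != 6 && ip[9] != 17) return -1;         /* only TCP and UDP carry ports */
    out->proto = ip[9];
    memcpy(out->src_ip, ip + 12, 4);
    memcpy(out->dst_ip, ip + 16, 4);
    out->src_port = be16(ip + ihl);                   /* same offsets for TCP and UDP */
    out->dst_port = be16(ip + ihl + 2);
    return 0;
}

/* Constructed sample frame (checksums left at 0): UDP 192.0.2.10:40000 ->
 * 192.0.2.20:5004. A filter such as "udp and dst port 5004" would match it. */
static const uint8_t sample[] = {
    0x00,0x11,0x22,0x33,0x44,0x55, 0x66,0x77,0x88,0x99,0xaa,0xbb, 0x08,0x00,
    0x45,0x00,0x00,0x1c, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0x00,0x02,0x0a, 0xc0,0x00,0x02,0x14,
    0x9c,0x40, 0x13,0x8c, 0x00,0x08, 0x00,0x00
};

int main(void) {
    struct flow f;
    if (parse_frame(sample, sizeof sample, &f) == 0)
        printf("proto %u, port %u -> %u\n", f.proto, f.src_port, f.dst_port);
    return 0;
}
```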
