Hello all,

I have been working on a program that will report when an HTTP text/plain packet is sent over the network. I am using libpcap 1.0 in this C++ program, using the function pcap_compile() as follows:

    pcap_compile(interface, &filter, "src port 80 && tcp[32:4]=0x666F7220", 1, mask);

As you can see, after the regular TCP headers, I look for the ASCII value "for " which has worked perfectly on my Linux box. However, when I compile on OS X, no packets are found. I used Wireshark to look at the packets on my MacBook, and sure enough, they should pass through the filter, but they don't.

To see if I was really wrong, I ran tcpdump with the exact same filter:

    tcpdump -i en1 "src port 80 && tcp[32:4] = 0x666F7220"

This gave me results...so the filter is correct.

There is virtually nobody on freenode's #wireshark, and this seemed the best place. I would appreciate any help, thanks!

Caleb Hearon
___________________________________________________________________________
Sent via: Wireshark-dev mailing list
Archives: http://www.wireshark.org/lists/wireshark-dev
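
Added example, not part of the original post and not using libpcap: a plain C++ model of what `tcp[32:4] = 0x666F7220` tests, next to the data-offset-relative form `tcp[((tcp[12:1] & 0xf0) >> 2):4]`, run over constructed segments. The helper names and sample segments are hypothetical, and the example illustrates the filter's offset arithmetic only, not the Linux/OS X difference reported above.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// 0x666F7220 is the network-order encoding of the ASCII bytes "for ".
static const uint32_t NEEDLE = 0x666F7220;

// Read 4 bytes in network order at `off`; false when the load would run
// past the end of the segment (a BPF filter rejects such a packet too).
static bool load32(const std::vector<uint8_t>& tcp, size_t off, uint32_t& out) {
    if (off + 4 > tcp.size()) return false;
    out = (uint32_t(tcp[off]) << 24) | (uint32_t(tcp[off + 1]) << 16) |
          (uint32_t(tcp[off + 2]) << 8) | uint32_t(tcp[off + 3]);
    return true;
}

// Models: tcp[32:4] = 0x666F7220
// Offset 32 is the first payload byte only when the TCP header is exactly
// 32 bytes (20 fixed bytes plus 12 bytes of options).
bool match_fixed(const std::vector<uint8_t>& tcp) {
    uint32_t v;
    return load32(tcp, 32, v) && v == NEEDLE;
}

// Models: tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x666F7220
// The high nibble of byte 12 is the header length in 32-bit words, so the
// comparison always lands on the first four payload bytes.
bool match_payload(const std::vector<uint8_t>& tcp) {
    if (tcp.size() < 13) return false;
    size_t hdr_len = (tcp[12] & 0xf0) >> 2;  // header length in bytes
    uint32_t v;
    // hdr_len >= 20 is an extra sanity check, not part of the filter text.
    return hdr_len >= 20 && load32(tcp, hdr_len, v) && v == NEEDLE;
}

// Constructed sample: a TCP segment with a `hdr_len`-byte header
// (source port 80, NOP options after byte 20) followed by `payload`.
std::vector<uint8_t> make_segment(size_t hdr_len, const char* payload) {
    std::vector<uint8_t> seg(hdr_len, 0);
    seg[1] = 80;                                       // source port 80
    seg[12] = uint8_t((hdr_len / 4) << 4);             // data offset field
    for (size_t i = 20; i < hdr_len; ++i) seg[i] = 1;  // TCP NOP option
    seg.insert(seg.end(), payload, payload + std::strlen(payload));
    return seg;
}
```

With a 20-byte header the fixed-offset form misses a payload that starts with "for " and can match the same four bytes 12 bytes into an unrelated payload; the data-offset form does neither.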
