Hi, all,
When using tcpdump capture trace, we can add filter expressions ( in a
form of primitive [and/or primitive] ).
I want to know how the packets are parsed and matched to this filter
expression. Is there some intermediate data structure for the filter
expression? Is the filter used as i
On Jan 29, 2013, at 12:54 PM, Wenfei Wu wrote:
> When using tcpdump capture trace, we can add filter expressions ( in a
> form of primitive [and/or primitive] ).
> I want to know how the packets are parsed and matched to this filter
> expression. Is there some intermediate data structure for
Thanks, this is really helpful.
On Tue, Jan 29, 2013 at 3:21 PM, Guy Harris wrote:
> er, so you can't check the TCP ports in tho
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-worke
On Jan 29, 2013, at 2:24 PM, Wenfei Wu wrote:
> Thanks, this is really helpful.
> On Tue, Jan 29, 2013 at 3:21 PM, Guy Harris wrote:
> er, so you can't check the TCP ports in tho
I'm not sure whether you intended to quote that part of my response, but, if
you did, because handling fragmented
