[tcpdump-workers] Wenfei: how does tcpdump filter packets?
Hi, all,

When using tcpdump to capture a trace, we can add filter expressions (in the form of primitive [and/or primitive]). I want to know how the packets are parsed and matched to this filter expression. Is there some intermediate data structure for the filter expression? Is the filter used as it is parsed on each layer of the headers or used once after the packet is parsed completely? Is there some material about this?

Regards,
Wenfei Wu
___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Wenfei: how does tcpdump filter packets?
Thanks, this is really helpful.

On Tue, Jan 29, 2013 at 3:21 PM, Guy Harris wrote:
> er, so you can't check the TCP ports in tho