Hi All,
I want to use "pcap_compile" to get a bpf filter from a string. And then I want to use the filter in the form of sock_filter to set as a socket option to capture the packets specified by the filter. I want to receive the filtered packets using a PF_PACKET family socket.

But what I have observed is that the filter obtained using pcap_compile (printed using bpf_dump) does not match the one from the tcpdump -d option.

Can someone help? Or, what would be the best way to achieve this?

Regards,
Prashant

-
This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.