E.g., ` src foo' means ` (ip or arp or rarp) src foo', ` net bar' means ` (ip or arp or rarp) net bar' and ` port 53' means ` (tcp or udp or sctp) port 53' (note that these examples use invalid syntax to illustrate the principle). If there is no proto qualifier, all protocols consistent with the type are assumed. Possible protocols are: ether, fddi, tr, wlan, ip, ip6, arp, rarp, decnet, sctp, tcp and udp. Proto qualifiers restrict the match to a particular protocol. The ra, ta, addr1, addr2, addr3, and addr4 qualifiers are only valid for IEEE 802.11 Wireless LAN link layers. If there is no dir qualifier, ` src or dst' is assumed. E.g., ` src foo', ` dst net 128.3', ` src or dst port ftp-data'. Possible directions are src, dst, src or dst, src and dst, ra, ta, addr1, addr2, addr3, and addr4. If there is no type qualifier, host is assumed.ĭir qualifiers specify a particular transfer direction to and/or from id. Possible types are host, net, port and portrange. Type qualifiers say what kind of thing the id name or number refers to. There are three different kinds of qualifier: Primitives usually consist of an id (name or number) preceded by one or more qualifiers. The filter expression consists of one or more primitives. The resulting filter program can then be applied to some stream of packets to determine which packets will be supplied to pcap_loop(3PCAP), pcap_dispatch(3PCAP), pcap_next(3PCAP), or pcap_next_ex(3PCAP). Pcap_compile(3PCAP) is used to compile a string into a filter program. Docs Download Licensing Windows 11 WinPcap Npcap Reference Guide Npcap API wpcap.dll (libpcap API) pcap-filter - Npcap API
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |