Hello all,
I am trying to do a tcpdump filter like below
The idea is to filter all ethernet frames and where the frame ends as I
understand keyword *len *has the total length of the captured packet,
substracts 85 positions and compare if byte in position len - 85 is equal
to hex 0x2.
Does anybody know what am I doing wrong?,
As tcpdump does not complain when executing that command, but the filter
when attached to my C program does not work I am attaching that code with
setsockopt(2) - SO_ATTACH_FILTER
sudo tcpdump 'ether [ len ] - 85 = 0x2' -dd
{ 0x80, 0, 0, 0x00000000 },
{ 0x7, 0, 0, 0x00000000 },
{ 0x50, 0, 0, 0x00000000 },
{ 0x14, 0, 0, 0x00000055 },
{ 0x54, 0, 0, 0x000000ff },
{ 0x15, 0, 1, 0x00000002 },
{ 0x6, 0, 0, 0x0000ffff },
{ 0x6, 0, 0, 0x00000000 },
Thanks!
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
