For 802.11 headers, the destination address is the DA field and the source address is the SA field the BSSID, RA, and TA fields aren't tested.] Similarly, tr and wlan are aliases for ether the previous paragraph's statements about FDDI headers also apply to Token Ring and 802.11 wireless LAN headers. FDDI headers also contain other fields, but you cannot name them explicitly in a filter expression. FDDI headers contain Ethernet-like source and destination addresses, and often contain Ethernet-like packet types, so you can filter on these FDDI fields just as with the analogous Ethernet fields. [ fddi is actually an alias for ether the parser treats them identically as meaning ``the data link level used on the specified network interface''. E.g., ` src foo' means ` (ip or arp or rarp) src foo', ` net bar' means ` (ip or arp or rarp) net bar' and ` port 53' means ` (tcp or udp or sctp) port 53' (note that these examples use invalid syntax to illustrate the principle). If there is no proto qualifier, all protocols consistent with the type are assumed. Possible protocols are: ether, fddi, tr, wlan, ip, ip6, arp, rarp, decnet, sctp, tcp and udp. Proto qualifiers restrict the match to a particular protocol. The ra, ta, addr1, addr2, addr3, and addr4 qualifiers are only valid for IEEE 802.11 Wireless LAN link layers. If there is no dir qualifier, ` src or dst' is assumed. E.g., ` src foo', ` dst net 128.3', ` src or dst port ftp-data'. Possible directions are src, dst, src or dst, src and dst, ra, ta, addr1, addr2, addr3, and addr4. If there is no type qualifier, host is assumed.ĭir qualifiers specify a particular transfer direction to and/or from id. Possible types are host, net, port and portrange. Type qualifiers say what kind of thing the id name or number refers to. There are three different kinds of qualifier: Primitives usually consist of an id (name or number) preceded by one or more qualifiers. The filter expression consists of one or more primitives. The resulting filter program can then be applied to some stream of packets to determine which packets will be supplied to pcap_loop(3PCAP), pcap_dispatch(3PCAP), pcap_next(3PCAP), or pcap_next_ex(3PCAP). Pcap_compile(3PCAP) is used to compile a string into a filter program. Docs Download Licensing Windows 11 WinPcap Npcap Reference Guide Npcap API wpcap.dll (libpcap API) pcap-filter - Npcap API
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |