<br><br><div class="gmail_quote">On Fri, Apr 11, 2008 at 12:09 PM, Isara Anantavrasilp <<a href="mailto:isara.a@gmail.com">isara.a@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi,<br>
<br>
First of all, I hope the question is related to the list.<br>
I would like to screen out all packets without payloads from my trace files.<br>
That is, I want only the ones with payloads.<br>
<br>
I define payload as anything behind the TCP header which could be<br>
running over IPv4 and IPv6.<br>
<br>
Has anyone any idea what would be the perfect BPF filter syntax for<br>
such constraints?<br>
I am thinking about filtering len > something but would it be any problem?<br>
Can TCP or IP packet lengths be varied?<br>
<br>
Thanks a lot!<br>
<br>
Cheers,<br>
<font color="#888888">Isara Anantavrasilp<br>
_______________________________________________<br>
Winpcap-users mailing list<br>
<a href="mailto:Winpcap-users@winpcap.org">Winpcap-users@winpcap.org</a><br>
<a href="https://www.winpcap.org/mailman/listinfo/winpcap-users" target="_blank">https://www.winpcap.org/mailman/listinfo/winpcap-users</a></font></blockquote><div><br>As far as I know no, they don't vary. They're always of the same size (ethernet + ip + tcp headers) so I think you can filter by the length of the packet. To know the exact size of a tcp packet you could use a packet sniffer ;)<br>
<br>Regards,<br>Leonardo<br> </div></div><br>