[Winpcap-users] Question about Filter
Gianluca Varenni
gianluca.varenni at cacetech.com
Thu Feb 8 21:17:29 GMT 2007
Please use some parentheses like this
(tcp and ip src host 192.168.1.1) || (tcp and ip dst host 192.168.1.1)
The "and" and "or" operator have equal precedence in the bpf filtering language.
Have a nice day
GV
----- Original Message -----
From: Zhiyuan Cheng
To: winpcap-users at winpcap.org
Sent: Thursday, February 08, 2007 12:13 PM
Subject: [Winpcap-users] Question about Filter
Hi, I want to configure winpcap to only capture the packets between two machines,
with IP addresses, for example, 192.168.1.1 and 192.168.1.2
Winpcap is installed on machine 192.168.1.2, the filter string I used is
"tcp and ip src host 192.168.1.1 || tcp and ip dst host 192.168.1.1"
But it seems that I only got packets sent from 192.168.1.2 to 192.168.1.1, that is,
only the outcoming packets. The part of the filter string before "||" seems to be ignored.
Is there anything wrong with this filter string, and how can I change it? Thanks!
Zhiyuan
------------------------------------------------------------------------------
_______________________________________________
Winpcap-users mailing list
Winpcap-users at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20070208/f9117e78/attachment.htm
More information about the Winpcap-users
mailing list