[Winpcap-users] RE: protocol filtering
Guy Harris
guy at alum.mit.edu
Mon Jul 16 08:46:18 GMT 2007
swetha borra wrote:
> Yes.I am using a winpcap based applicaiton...the incoming packets have
> the proprietary protocol type number.
What protocol is your proprietary protocol encapsulated in? Ethernet?
Some other 802.x protocol? PPP? Something else?
I.e., what kind of type number is that?
> Based on that number i want to
> parse the packet and display it as with the corresponding protocol name.
>
> regarding the filtering, i want to view only this proprietary protocol
> packets. So, question is in which part of winpcap code do i need to
> incorporate my changes?
If it's an Ethernet or PPP type number, there is no part of WinPcap code
you need to incorporate any changes - if, for example, your protocol has
an Ethernet type value of hex 8080, then you'd use the filter expression
"ether type 0x8080"; pass that string to pcap_compile() and use the
resulting filter in a pcap_setfilter() call (and then free it with
pcap_freecode()).
> One more thing is, the NIC card that i want to sniff receives HDLC
> packets also. Does winpcap discards this packets??
What type of NIC is it? You said it receives HDLC packets "also"; what
types of packet other than HDLC packets does it receive?
More information about the Winpcap-users
mailing list