[Winpcap-users] Filtering for DNS
Umesh Chandra Sahoo
USahoo at ixiacom.com
Sat Oct 6 08:21:01 GMT 2007
Hi Prasant,
I think u need to check ur filtering string. For protocol filtering
things you need to mention like "proto Protocol name". I had used this
some time b4 for tcp filtering things so u can use like as follows
I used "proto \tcp"
So u need to use "proto \dns" instead of "dns" only. Another thing you
need to check what is the pnemonics for dns. Since tcp is a keyword for
libpcap so we need to give a "\" b4 that. U need to check this for dns.
Another thing is dns is layer 4 protocol so if the above one is not
working try with " protochain \dns".
Below is the link for ur help
http://www.winpcap.org/docs/docs_41b/html/group__language.html
Thanks n Regds
Umesh
IXIA(leader in performance Network testing domain)
Calcutta
________________________________
From: winpcap-users-bounces at winpcap.org
[mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Prashant Kasal
Sent: Saturday, October 06, 2007 3:11 AM
To: winpcap-users at winpcap.org
Subject: [Winpcap-users] Filtering for DNS
Hi All,
I'm trying to filter the network packets to get DNS information
pcap_compile( adhandle, &fcode, "dns", 1, netmask), but when I executed
this line I'm getting the return value < 0;
does anybody know how to filter the network packets for DNS?
Any help would greatly appricated.
--
Thanks & Regds
Prashanth Kasal
Google Inc.,
1600, Amphitheater
parkway,
Mountain View, CA-94040
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20071006/8b490e8a/attachment.htm
More information about the Winpcap-users
mailing list