[Winpcap-users] Filtering with BPF

Isara Anantavrasilp isara.a at gmail.com
Fri Apr 11 11:09:45 GMT 2008


Hi,

First of all, I hope the question is related to the list.
I would like to screen out all packets without payloads from my trace files.
That is, I want only the ones with payloads.

I define payload as anything behind the TCP header which could be
running over IPv4 and IPv6.

Has anyone any idea what would be the perfect BPF filter syntax for
such constraints?
I am thinking about filtering len > something but would it be any problem?
Can TCP or IP packet lengths be varied?

Thanks a lot!

Cheers,
Isara Anantavrasilp
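
The payload definition in the post above, worked through as an added example that is not part of the original message: both the IP and TCP header lengths vary, and short Ethernet frames are padded, so frame length alone does not tell a bare ACK from a data segment. The function and sample names are hypothetical; it assumes Ethernet framing and no IPv6 extension headers.

```python
import struct
from typing import Optional

def tcp_payload_len(frame: bytes) -> Optional[int]:
    """TCP payload bytes in an Ethernet frame; None if not parseable as TCP."""
    if len(frame) < 14:
        return None
    ethertype, ip = struct.unpack("!H", frame[12:14])[0], frame[14:]
    if ethertype == 0x0800 and len(ip) >= 20:        # IPv4
        ihl = (ip[0] & 0x0F) * 4                     # varies with IP options
        total_len = struct.unpack("!H", ip[2:4])[0]
        frag = struct.unpack("!H", ip[6:8])[0]
        if ip[9] != 6 or ihl < 20 or frag & 0x1FFF:  # not TCP, bad IHL, later fragment
            return None
        l4_off, l4_len = ihl, total_len - ihl
    elif ethertype == 0x86DD and len(ip) >= 40:      # IPv6
        if ip[6] != 6:                               # assumption: no extension headers
            return None
        l4_off, l4_len = 40, struct.unpack("!H", ip[4:6])[0]
    else:
        return None
    if len(ip) < l4_off + 20:
        return None
    data_off = (ip[l4_off + 12] >> 4) * 4            # varies with TCP options
    # IPv4 case matches pcap-filter(7):
    #   ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2)
    return l4_len - data_off if 20 <= data_off <= l4_len else None

# --- constructed sample frames (not taken from any real trace) ---
def _tcp(opts=b"", data=b""):
    off = (20 + len(opts)) // 4
    return struct.pack("!HHIIBBHHH", 1234, 80, 0, 0, off << 4, 0x10, 8192, 0, 0) + opts + data

def _ipv4(seg):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(seg), 0, 0, 64, 6, 0,
                       bytes(4), bytes(4)) + seg

def _ipv6(seg):
    return struct.pack("!IHBB16s16s", 0x60000000, len(seg), 6, 64, bytes(16), bytes(16)) + seg

def _eth(ethertype, body):
    frame = bytes(12) + struct.pack("!H", ethertype) + body
    return frame.ljust(60, b"\x00")                  # Ethernet minimum-size padding

SAMPLES = {
    "v4 bare ACK": _eth(0x0800, _ipv4(_tcp())),
    "v4 ACK, 12B TCP options": _eth(0x0800, _ipv4(_tcp(opts=bytes(12)))),
    "v4 2B data": _eth(0x0800, _ipv4(_tcp(data=b"hi"))),
    "v6 bare ACK": _eth(0x86DD, _ipv6(_tcp())),
    "v6 5B data": _eth(0x86DD, _ipv6(_tcp(data=b"hello"))),
}
```
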

