[Winpcap-users] Filtering with BPF
w32.chess at gmail.com
Sat Apr 12 17:17:54 GMT 2008
On Fri, Apr 11, 2008 at 12:09 PM, Isara Anantavrasilp <isara.a at gmail.com> wrote:
> First of all, I hope the question is related to the list.
> I would like to screen out all packets without payloads from my trace.
> That is, I want only the ones with payloads.
> I define payload as anything behind the TCP header which could be
> running over IPv4 and IPv6.
> Has anyone any idea what would be the perfect BPF filter syntax for
> such constraints?
> I am thinking about filtering len > something but would it be any problem?
> Can TCP or IP packet lengths be varied?
> Thanks a lot!
> Isara Anantavrasilp
As far as I know, no, they don't vary. They're always of the same size
(Ethernet + IP + TCP headers), so I think you can filter by the length of the
packet. To know the exact size of a TCP packet you could use a packet
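
Added example, not part of the original thread and not WinPcap code: the payload test the question asks for, computed from the IP and TCP header length fields rather than from the frame length. The function names and sample frames are constructed for illustration; the code assumes untagged Ethernet II and unfragmented packets, and the IPv6 filter in the comment assumes no extension headers.

```python
import struct

# Same arithmetic as a capture filter. The IPv4 form is the one given in the
# pcap-filter man page; the IPv6 form assumes no extension headers:
#   tcp and (ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2)) != 0
#   ip6 and ip6[6] == 6 and (ip6[4:2] - ((ip6[52]&0xf0)>>2)) != 0
ETH_LEN = 14  # assumption: untagged Ethernet II frames

def tcp_payload_len(frame: bytes) -> int:
    """Bytes of TCP payload in an Ethernet frame, or -1 if not parseable TCP."""
    if len(frame) < ETH_LEN + 40:
        return -1
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    ip = frame[ETH_LEN:]
    if ethertype == 0x0800 and ip[9] == 6:        # IPv4 carrying TCP
        ihl = (ip[0] & 0x0F) * 4                  # header length incl. IP options
        l4_len = struct.unpack_from("!H", ip, 2)[0] - ihl
    elif ethertype == 0x86DD and ip[6] == 6:      # IPv6 with TCP as next header
        ihl = 40                                  # fixed header, no extensions
        l4_len = struct.unpack_from("!H", ip, 4)[0]
    else:
        return -1
    if ihl < 20 or len(ip) < ihl + 20:
        return -1
    data_off = (ip[ihl + 12] >> 4) * 4            # header length incl. TCP options
    if data_off < 20:
        return -1
    # Lengths come from the IP header, so Ethernet padding is not counted.
    return max(l4_len - data_off, 0)

def build_frame(v6=False, ip_opts=b"", tcp_opts=b"", payload=b"") -> bytes:
    """Constructed sample frame (not captured traffic)."""
    off = (20 + len(tcp_opts)) // 4 << 4
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, off, 0x10, 8192, 0, 0)
    tcp += tcp_opts + payload
    if v6:
        etype = 0x86DD
        ip = struct.pack("!IHBB16s16s", 0x60000000, len(tcp), 6, 64,
                         b"\x01" * 16, b"\x02" * 16)
    else:
        etype = 0x0800
        hl = 20 + len(ip_opts)
        ip = struct.pack("!BBHHHBBH4s4s", 0x40 | hl // 4, 0, hl + len(tcp),
                         0, 0, 64, 6, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
        ip += ip_opts
    frame = bytes(12) + struct.pack("!H", etype) + ip + tcp
    return frame.ljust(60, b"\x00")  # pad to the Ethernet minimum, as a NIC would

if __name__ == "__main__":
    for name, f in [("bare ACK", build_frame()),
                    ("ACK + TCP options", build_frame(tcp_opts=b"\x01" * 12)),
                    ("IPv6 data", build_frame(v6=True, payload=b"GET /"))]:
        print(f"{name}: frame={len(f)} payload={tcp_payload_len(f)}")
```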