[Winpcap-users] combining filters

Guy Harris guy at alum.mit.edu
Tue Mar 11 08:07:35 GMT 2008


Maria de Fatima Requena wrote:

> I am trying to filter tcp and udp packets. Docs say to use ‘and’ for 
> concatenation, but “tcp and udp” doesn’t seem to work with pcap_compile. 
> What is the right way to do this?

"tcp or udp".

When you say "filter tcp and udp packets", you mean "TCP packets and UDP 
packets", i.e. packets that are either TCP or UDP, not "packets that are 
both TCP and UDP", which would be "tcp and udp" (and which wouldn't 
match any packets - the IP header of a packet can't simultaneously say 
the packet is TCP and the packet is UDP).
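
An added example, not part of the original message and not libpcap code: a small C model of the "tcp" and "udp" primitives as tests on the single protocol byte of the IPv4 header, run over three constructed frames (TCP, UDP, ICMP) to show that "or" matches two of them and "and" matches none. It assumes Ethernet framing and IPv4 only; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN  14
#define FRAME_LEN    (ETH_HDR_LEN + 20)   /* Ethernet + minimal IPv4 header */
#define PROTO_ICMP   1
#define PROTO_TCP    6
#define PROTO_UDP    17

/* IPv4 protocol number of an Ethernet frame, or -1 if the frame is
   truncated or is not IPv4. The field is one byte: it holds one value. */
static int ip_proto(const uint8_t *f, size_t len)
{
    if (len < FRAME_LEN) return -1;
    if (f[12] != 0x08 || f[13] != 0x00) return -1;   /* EtherType 0x0800 */
    if ((f[ETH_HDR_LEN] >> 4) != 4) return -1;        /* IP version */
    return f[ETH_HDR_LEN + 9];
}

/* Simplified models of the two filter primitives (IPv4 only). */
static int is_tcp(const uint8_t *f, size_t n) { return ip_proto(f, n) == PROTO_TCP; }
static int is_udp(const uint8_t *f, size_t n) { return ip_proto(f, n) == PROTO_UDP; }

/* "tcp or udp": either test may hold. "tcp and udp": both must hold at once. */
int match_tcp_or_udp(const uint8_t *f, size_t n)  { return is_tcp(f, n) || is_udp(f, n); }
int match_tcp_and_udp(const uint8_t *f, size_t n) { return is_tcp(f, n) && is_udp(f, n); }

/* Constructed sample frame: zeroed headers with only the fields tested above set. */
void make_frame(uint8_t *f, uint8_t proto)
{
    memset(f, 0, FRAME_LEN);
    f[12] = 0x08; f[13] = 0x00;        /* EtherType: IPv4 */
    f[ETH_HDR_LEN] = 0x45;             /* version 4, header length 5 words */
    f[ETH_HDR_LEN + 9] = proto;
}

/* Run a filter over one TCP, one UDP and one ICMP frame; return the match count. */
int count_matches(int (*filter)(const uint8_t *, size_t))
{
    const uint8_t protos[] = { PROTO_TCP, PROTO_UDP, PROTO_ICMP };
    uint8_t f[FRAME_LEN];
    int hits = 0;
    for (size_t i = 0; i < sizeof protos; i++) {
        make_frame(f, protos[i]);
        hits += filter(f, FRAME_LEN);
    }
    return hits;
}

int main(void)
{
    printf("tcp or udp : %d of 3\n", count_matches(match_tcp_or_udp));
    printf("tcp and udp: %d of 3\n", count_matches(match_tcp_and_udp));
    return 0;
}
```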

