[Winpcap-users] Problem with BPF-filtration

Guy Harris guy at alum.mit.edu
Fri Feb 11 15:05:02 PST 2011


On Feb 11, 2011, at 2:21 PM, revunov v. wrote:

> I use WinPcap 4.1.2. For BPF filtering I pass the string "src" to the pcap_compile function, but as a result I get a syntax error.

If you mean that the filter is just the string "src", you get a syntax error because there's an error in the syntax of that filter expression. :-)  "src", by itself, isn't a filter.

> Also, for testing, I tried setting "src foo" and "src host test", but none of them work and I get the same error. Why?

"src foo" and "src host test" *are* valid filters, as long as "foo" and "test" are valid host names.  If they aren't, you will get an error, although it won't be "syntax error", it'll be "unknown host {host name}", where {host name} is the host name you used.

> I receive Ethernet packets without any MAC, IP, TCP/UDP headers from a remote host.

It's somewhat difficult to get an Ethernet packet without a MAC header.  What do you mean here?

> And I want to process only entering packets by filtration.

By "only entering packets" do you mean you only want to see packets received by your machine, not packets sent by your machine?

