bengaluriga
Reputation: 319
Is this a correct pcap filter expression
const char *str = "wlan subtype assoc-req or wlan subtype probe-req or wlan subtype probe-resp";
struct bpf_program fp;
if((pcap_compile(pkt_handle, &fp, str, 1, PCAP_NETMASK_UNKNOWN)==-1))
{
pcap_perror(pkt_handle, "Compile");
}
else
printf("filter compiled\n");
After running, the program displays "filter compiled", but it still captures Beacon frames and lots of other frames apart from the three mentioned in filter expression.
So, is it the correct filter expression to catch only assoc-req, probe-req, probe-resp frames?
Upvotes: 1
Views: 618
Answers (1)
user862787
Reputation:
As interjay said, you have to call pcap_setfilter() to make the filter take effect. (Making it an answer so that the question shows up as having an answer.)
Upvotes: 1
Related Questions
- Parsing WiFi Packets (libpcap)
- why pcap_setfilter did not take effect
- pcap (wireshark) filter by wlan mac address
- How to use pcap structures with the good includes
- Libpcap filter strings using "vlan" are behaving weirdly
- Correct filter expression in libpcap for outgoing packets
- filtering packets from pcap file
- c - pcap filter expression
- Know from which pcap filter my packet came
- Some error in the code - libpcap