Jack
Reputation: 5890
why pcap_setfilter did not take effect
I'm using libpcap as lib to write a C program for catching up coming IPs. my code snippet as following:
struct bpf_program filter;
pcap_compile(pcap_handle, &filter, "icmp[icmptype]=0 and '(dst 16.11.26.100 or dst 16.11.27.100)'", 1, 0);
pcap_setfilter(pcap_handle, &filter);
But it didn't work, I still could see other dest Ips rather than only the above two Ips.
Upvotes: 8
Views: 449
Answers (2)
user9065877
Reputation: 193
You should always check for errors from library routine calls. If you'd checked for errors from pcap_compile(), you would have seen that the compile failed (due to the single quotes, although the error message would probably just be "syntax error").
Upvotes: 1
Jack
Reputation: 5890
I fixed the problem, the right answer is here:
"icmp[icmptype]=0 and (dst 16.11.26.100 or dst 16.11.27.100)"
Just removed the single quota.
Upvotes: 1
Related Questions
- Libcap filter is not filtering the right packets
- Issue in pcap_set_buffer_size()
- pcap_next return NULL
- Libpcap API does not remove the filter
- Correct filter expression in libpcap for outgoing packets
- filtering packets from pcap file
- Is this a correct pcap filter expression
- Know from which pcap filter my packet came
- libpcap setfilter() function and packet loss
- how to filter incoming packets in pcap vc++