<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1522" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face="Courier New" size=2>Hi, I want to configure winpcap to only
capture the packets between two machines, </FONT></DIV>
<DIV><FONT face="Courier New" size=2>with IP addresses, for example, 192.168.1.1
and 192.168.1.2</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2>Winpcap is installed on machine
192.168.1.2, the filter string I used is</FONT></DIV>
<DIV><FONT face="Courier New" size=2>"tcp and ip src host 192.168.1.1 || tcp and
ip dst host 192.168.1.1"</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2>But it seems that I only got packets sent
from 192.168.1.2 to 192.168.1.1, that is, </FONT></DIV>
<DIV><FONT face="Courier New" size=2>only the </FONT><FONT face="Courier New"
size=2>outcoming packets. The part of the filter string before "||" seems to be
ignored. </FONT></DIV>
<DIV><FONT face="Courier New" size=2>Is there anything wrong with this filter
string, and how can I </FONT><FONT face="Courier New" size=2>change it?
Thanks!</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2>Zhiyuan</FONT></DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV>
<DIV><FONT face="Courier New" size=2></FONT> </DIV></BODY></HTML>