[Winpcap-users] Filtering Expression fails
Sethu Raam
sethu.kr at hotmail.com
Fri Jan 25 13:53:48 GMT 2008
Hello everybody,
I'm new to this winpcap library.
Currently i'm using winpcap 4.0.1 in my VC++ compiler.
I have to filter the TCP packets holding the SYN flag.
Whenever i tried using the filter string "tcp[13] & 0x02 != 0", it just hanging in pcap_next_ex() function.Still its waiting for the packets to come.
But i'm getting the SYN packets in my ethereal running at the same time.
Also i tried, "tcp[tcpflags] & tcp-syn != 0" and "tcp port 8080 and tcp-syn". None of them works.
I didn't get any error message while compiling and setting the filter.
But Its works fine with the filter strings "tcp" and "tcp port 8080".
Is this the correct expression what i'm looking for?
That will be great for me if anybody help me regarding this.
Thanks,
Sethu
_________________________________________________________________
Post free property ads on Yello Classifieds now! www.yello.in
http://ss1.richmedia.in/recurl.asp?pid=219
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20080125/09e6f502/attachment.htm
More information about the Winpcap-users
mailing list