[Winpcap-users] Capture SIP messages (In UDP and TCP)
Gilad Oz
gilado at radvision.com
Wed Jun 11 07:46:54 GMT 2008
Hi all,
First I'm new with the Pcap sources, I'm trying to capture SIP messages
via my sniffer. I want to do it as fast as I can - meaning the filter
will take place in the driver level, at kernel mode. I'm using the
pcap_compile ( filter_string ) and pcap_setfilter ( ) functions for
setting the driver with my filters. The only idea for doing that was to
filter the SIP messages by using the Filtering Expression Syntax, for
example: Filter the INVITE message
filter_string = udp[8:4] = 0x494E5649 && udp[12:2] = 0x5445". If you
have a better idea you are welcome to suggest.
I will appreciate your quick response,
Thanks in advanced,
Gilad
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20080611/184b1c70/attachment.htm
More information about the Winpcap-users
mailing list