[tcpdump-workers] Multiple Needles in Multiple Haystacks.
Michael Richardson
mcr at sandelman.ca
Thu Nov 17 19:25:06 EST 2016
Zaphod Beeblebrox <zbeeble at gmail.com> wrote:
> Something like "ppp[0:2] == 0x8021" should pull out the IPCP. Or is
> that ppp[2:2] ... but neither works. Some other reading that's hard to
> find would suggest something like "protochain l2tp and ppp proto
> 0x8021" ... but that doesn't work either. I realize that one of
> ppp[2:2] or ppp[0:2] is going to be equivalent to ppp proto 0x8021, but
> the part that's not working is relating to the function of protochain.
> Help?
I'm not sure what is going on here; but filtering is done by libpcap, not by
libpcap itself. My first thought is to check your byte order!
> If you're Canadian (I see this list is associated with someone on
> Ottawa) I can offer 3 months of free DSL... or a whole year if you
> materially help me fix MPD on FreeBSD. I'm a fully open-source ISP ...
Yes, I live in Ottawa.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [
More information about the tcpdump-workers
mailing list