Question on PCAP filters
I am new to pcap programming and looking at its filters capabilities. I am
not able to find documentation on Filter Syntax, its limitations etc. Please
provide me with any links for this.
Can I add a filter to examine any part of packet? For example, on a TCP/IP/Ethernet packet, can I add a filter to match the 8 bytes starting from byte num 6 of Ethernet header?
What I need is the ability to create filters based on:
1) Starting offset from start of Ethernet packet
2) Length of the match (ie., compare 4 or 6 or 8 or any number of bytes)
3) Specify the value against which to compare
I would appreaciate any responses.