09-19-2013
1,
0
Join Date: Sep 2013
Last Activity: 19 September 2013, 6:00 AM EDT
Posts: 1
Thanks Given: 0
Thanked 0 Times in 0 Posts
Berkley Packet Filter
Hi Folks!
Im trying to write a packet capture filter on a opnet device. The syntax there to write this filter is BPF.
What I wanna do is to capture everything, but from a certain ip-range I just wanna capture the header and not the payload. For your understanding: We are writing our backup to the databases during the night. So I dont want to capture all the payload of this backup I just want to capture the header-data.
So, I've read a lot about BPF and it's pretty cool. Comparing to a programming language you can specify a lot of "if"s. Like "if ip[0] = 9" and so on. But is it possible to specify a "then" clause? So: "IF this packet belongs to the backup stream, THEN just capture the header data".
Thanks a lot for your help
ati