Ethereal-dev: Re: [Ethereal-dev] CLNP Address Filtering

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <gharris@xxxxxxxxx>
Date: Mon, 10 May 2004 11:19:50 -0700
On Mon, May 10, 2004 at 09:23:15AM -0400, Herbert Falk wrote:
> What I have found is that "osi proto clnp" is NOT recognized

For whatever reason, when Tony Li added OSI protocol support to libpcap,
he made the qualifier "iso", not "osi".

Also, as "clnp" is a keyword by itself, as you've discovered, you'd have
to do

	iso proto \clnp

> but plain "clnp" is.

To quote the tcpdump manual page:

              iso proto protocol
                     True if the packet is an OSI packet of  pro-
                     tocol type protocol.  Protocol can be a num-
                     ber or one of the names clnp, esis, or isis.

              clnp, esis, isis
                     Abbreviations for:
                          iso proto p
                     where p is one of the above protocols.  Note
                     that tcpdump does an incomplete job of pars-
                     ing these protocols.

> I can't figure out a mechanism to specify source and destination clnp 
> addresses within the capture filter.

There isn't one in libpcap.