Ktawut T.Pijarn wrote:
However, I also need to differentiate different DCCP
connections using different DCCP ports too but libpcap doesn't capture
anything for me when I specify the desired port in addition to the IP
address in the capture filter, e.g. "dst 192.168.1.30 and src port 40001".
It just does not capture anything for me.
So, is there a special syntax for pcap to specify the DCCP port, if that is
available at all?
It appears that DCCP runs on top of IP and thus "DCCP port" is specified
in the DCCP payload.
I strongly doubt that DCCP is a protocol which can be specified in a
libpcap Capture Filter (and thus can be decoded to determine the DCCP port).
From the man tcpdump section about Capture filters:
"dst port port
True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a
destination port value of port. The port can be a number or a name
"
As the Wireshark man pages say:
"Capture Filter Syntax
See the manual page of pcap-filter(4) or, if that doesn't exist,
tcpdump(8)."
for all the gory details about using Capture filters. :)