Hi. I have a problem with the filter:
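
    // Needs org.jnetpcap.Pcap, org.jnetpcap.PcapBpfProgram,
    // org.jnetpcap.packet.JPacket and org.jnetpcap.packet.JPacketHandler
    Pcap pcap = Pcap.openLive(netDevice.getName(), sp.getQuantiByte(), sp.getFlag(), sp.getTimeout(), errors);
    if (pcap == null) {
        // println instead of printf: the error text must not be parsed as a format string
        System.err.println("ERRORE NELL'APERTURA DEL DEVICE: " + errors);
        return; // no open handle, nothing to filter or capture
    }

    // Compile the filter expression to BPF and attach it to the capture handle
    PcapBpfProgram program = new PcapBpfProgram();
    int optimize = 0; // 0 = do not optimize the compiled program
    int netmask = 0;
    String expression = "port 23";
    if (pcap.compile(program, expression, optimize, netmask) != Pcap.OK) {
        System.err.println(pcap.getErr());
        return;
    }
    if (pcap.setFilter(program) != Pcap.OK) {
        System.err.println(pcap.getErr());
        return;
    }
    System.out.println("Il filtro è stato applicato con successo: " + expression);

    // Print every packet that passes the filter
    JPacketHandler<String> handler = new JPacketHandler<String>() {
        public void nextPacket(JPacket pacchetto, String usr) {
            System.out.println(pacchetto.toString());
        }
    };
    pcap.loop(sp.getNumPack(), handler, "CONTROLLO");
    pcap.close();
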
This code continues to analyze all traffic, but it should analyze only traffic on port 23.

Can no one help me with this code?
That looks correct. I do not see any problems in the code.
What platform are you running this on? (Please follow the guidelines when asking for help: http://jnetpcap.com/support/guidelines).
Not all platforms utilize BPF for filtering.
OS: Windows Vista Home Premium (SP2), 32-bit
jnetpcap version: 1.3
I don't know where the problem is... I'm going crazy... Is there another way to do that?
That should really work. The only thing I can think of is that somehow you are not capturing on the network interface that you think you're capturing on or want. The expression above compiles perfectly to BPF code on win32:

    C:\Program Files\WinPcap>windump -d port 23
    windump: listening on \Device\NPF_GenericDialupAdapter
    (000) ldh [12]
    (001) jeq #0x86dd jt 2 jf 10
    (002) ldb [20]
    (003) jeq #0x84 jt 6 jf 4
    (004) jeq #0x6 jt 6 jf 5
    (005) jeq #0x11 jt 6 jf 23
    (006) ldh [54]
    (007) jeq #0x17 jt 22 jf 8
    (008) ldh [56]
    (009) jeq #0x17 jt 22 jf 23
    (010) jeq #0x800 jt 11 jf 23
    (011) ldb [23]
    (012) jeq #0x84 jt 15 jf 13
    (013) jeq #0x6 jt 15 jf 14
    (014) jeq #0x11 jt 15 jf 23
    (015) ldh [20]
    (016) jset #0x1fff jt 23 jf 17
    (017) ldxb 4*([14]&0xf)
    (018) ldh [x + 14]
    (019) jeq #0x17 jt 22 jf 20
    (020) ldh [x + 16]
    (021) jeq #0x17 jt 22 jf 23
    (022) ret #96
    (023) ret #0

There must be something else going on.
Maybe it's WinPcap related. Which WinPcap version do you have installed on this system?
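
Added example (not part of the original thread, and not jNetPcap or WinPcap code): a minimal interpreter for the instructions that appear in the `windump -d port 23` listing above, run over constructed Ethernet/IPv4 frames to show which packets the compiled filter keeps. The names `run_filter`, `frame` and the `ldhx` mnemonic for `ldh [x + k]` are hypothetical, and only the opcodes used in that listing are implemented.

```python
import struct

# BPF program transcribed from the `windump -d port 23` listing in the thread.
# Tuples are (op, k) or (op, k, jt, jf); jump targets are absolute, as printed.
PROG = [
    ("ldh", 12), ("jeq", 0x86dd, 2, 10), ("ldb", 20), ("jeq", 0x84, 6, 4),
    ("jeq", 0x6, 6, 5), ("jeq", 0x11, 6, 23), ("ldh", 54), ("jeq", 0x17, 22, 8),
    ("ldh", 56), ("jeq", 0x17, 22, 23), ("jeq", 0x800, 11, 23), ("ldb", 23),
    ("jeq", 0x84, 15, 13), ("jeq", 0x6, 15, 14), ("jeq", 0x11, 15, 23),
    ("ldh", 20), ("jset", 0x1fff, 23, 17), ("ldxb", 14), ("ldhx", 14),
    ("jeq", 0x17, 22, 20), ("ldhx", 16), ("jeq", 0x17, 22, 23),
    ("ret", 96), ("ret", 0),
]

def run_filter(prog, pkt):
    """Return the number of bytes to keep (0 = drop the packet)."""
    a = x = pc = 0
    while True:
        op, k, *jump = prog[pc]
        pc += 1
        try:
            if op == "ldh":      # A = 16-bit word at offset k
                a = struct.unpack_from("!H", pkt, k)[0]
            elif op == "ldb":    # A = byte at offset k
                a = pkt[k]
            elif op == "ldhx":   # A = 16-bit word at offset X + k
                a = struct.unpack_from("!H", pkt, x + k)[0]
            elif op == "ldxb":   # X = 4 * (low nibble of byte k) = IPv4 header length
                x = 4 * (pkt[k] & 0xF)
        except (IndexError, struct.error):
            return 0             # a load past the end of the packet rejects it
        if op == "jeq":
            pc = jump[0] if a == k else jump[1]
        elif op == "jset":
            pc = jump[0] if a & k else jump[1]
        elif op == "ret":
            return k

def frame(proto, sport, dport, frag_off=0, ihl=5):
    """Constructed Ethernet/IPv4 frame with 8 bytes of transport header."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 4 * ihl + 8, 0, frag_off,
                     64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + bytes(4 * (ihl - 5)) + struct.pack("!HHI", sport, dport, 0)

if __name__ == "__main__":
    for name, pkt in [("tcp dst 23", frame(6, 40000, 23)), ("tcp dst 80", frame(6, 40000, 80))]:
        print(name, "->", run_filter(PROG, pkt))
```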
I have uninstalled WinPcap and then reinstalled it... and now it works.
That's strange. Did you reinstall the same version or upgrade to a newer one like WinPcap 4.1.1?