Howto - setup a filter in sharppcap?

Question

i'm using the sharppcap library and try to setup a filter. My goal is to setup a filter that only add packets from one ip adress and not the whole amount of data of any ip and tcp packets. i had tried the whireshark notation...

device = CaptureDeviceList.Instance[itemIndex];
device.Open();
device.Filter = "ip.src=10.0.0.1 and tcp"; // doesn't work - only "ip and tcp" works

does anybody know how to configure the filters for this library ? :-)

thanks a lot :-)

Best Regards Jan

score 2 · Answer 1 · answered Aug 08 '11 at 14:23

SharpPcap is a frontend for libpcap/winpcap so any filter you use has to be in a format that libpcap/winpcap understand. At this time no additional processing is performed by SharpPcap.

I believe the same filter syntax is used across libpcap/winpcap/tcpdump and wireshark.

Try something like:

"tcp and host 172.18.5.4" From here

Chris

SharpPcap author

score 0 · Answer 2 · answered Jun 23 '13 at 17:14

0

Try this:

string mac = "00-AA-00-AA-00-AA";
string filter =String.Format("((tcp and ip) or udp) and ether src host {0}", mac);

answered Jun 23 '13 at 17:14

mmmmmm

980
1
14
16

Howto - setup a filter in sharppcap?

2 Answers2