Filtering packets

In the Capturing packets recipe of this chapter, we showed a basic filter: char filter[] = "arp or tcp or udp or icmp"; In this recipe, we will take a more in-depth look at how to create a filter.

Because the tcpdump project uses libpcap as its packet-capturing library, libpcap filters use the same syntax as tcpdump filters. Any tcpdump filter expression that we find on the Internet should work with libpcap. A Google search for "tcpdump filter" will return lots of results, but we will go over the basics in this recipe.

Getting ready

The filters that we will create in this recipe can be used along with the code in the Capturing packets recipe of this chapter. You should go through it to ...

Get iOS and OS X Network Programming Cookbook now with the O’Reilly learning platform.
