Ethereal-dev: Re: [Ethereal-dev] Filtering MMS packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Tue, 15 Nov 2005 15:53:59 -0800 (PST)

Victor wrote:

> I am writing an application which has to filter all the MMS (Multimedia
> Messaging Service) packets from a set of captured frames. Anybody knows
> if it is possible to directly filter this kind of traffic using libpcap
> and BPF filters?

The tcpdump man page describes what can be done with libpcap filter
expressions; that pretty much describes what can be done with BPF filters.

If you don't know what TCP port the traffic is going to or from, it'll be
difficult, at best, to filter for MMS packets.  BPF isn't designed to make
it easy to filter packets for arbitrary protocols, where it might be
difficult to determine whether a packet is for a given protocol (it's
designed to make it easy to stuff filter programs into an OS kernel from a
user-mode application without fear of the application putting the kernel
into an infinite loop or otherwise causing damage).

> I have tried to filter only TCP packets and the
> application works, but when I try to filter HTTP packets (for example),
> an error occurs.

You can't say "filter for HTTP".  You can say "filter for traffic to or
from ports 80 and 8080", for example.
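
The port-based match described in the message above, spelled out as an added example (not part of the original message and not libpcap's own code): a hand-written C equivalent of the tests behind the filter expression `tcp port 80 or tcp port 8080` on an Ethernet/IPv4 frame. The function names and the constructed frames are assumptions for illustration; the match is purely on fixed header fields, so HTTP carried on any other port is not selected.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read a big-endian 16-bit header field. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hand-written equivalent of the tests behind "tcp port 80 or tcp port 8080"
 * for an Ethernet/IPv4 frame (IPv6 and VLAN tags left out to keep it short).
 * Returns 1 on match, 0 otherwise; a short frame fails, as a BPF load would. */
int match_http_ports(const uint8_t *f, size_t len)
{
    if (len < 14 + 20) return 0;              /* Ethernet + minimal IPv4 header */
    if (be16(f + 12) != 0x0800) return 0;     /* EtherType is not IPv4 */
    if (f[23] != 6) return 0;                 /* IP protocol is not TCP */
    if (be16(f + 20) & 0x1fff) return 0;      /* later fragment: no TCP header */
    size_t ihl = (size_t)(f[14] & 0x0f) * 4;  /* IPv4 header length in bytes */
    if (ihl < 20 || len < 14 + ihl + 4) return 0;
    uint16_t sport = be16(f + 14 + ihl), dport = be16(f + 14 + ihl + 2);
    return sport == 80 || dport == 80 || sport == 8080 || dport == 8080;
}

/* Build a constructed 54-byte Ethernet/IPv4 frame (IHL 5) with the given IP
 * protocol and ports, then run the matcher on it. Sample data, not a capture. */
int matches(uint8_t proto, uint16_t sport, uint16_t dport)
{
    uint8_t f[54];
    memset(f, 0, sizeof f);
    f[12] = 0x08; f[13] = 0x00;               /* EtherType IPv4 */
    f[14] = 0x45;                             /* version 4, IHL 5 */
    f[23] = proto;
    f[34] = (uint8_t)(sport >> 8); f[35] = (uint8_t)(sport & 0xff);
    f[36] = (uint8_t)(dport >> 8); f[37] = (uint8_t)(dport & 0xff);
    return match_http_ports(f, sizeof f);
}

int main(void)
{
    printf("TCP 40000 -> 80:   %d\n", matches(6, 40000, 80));
    printf("TCP 8080 -> 40000: %d\n", matches(6, 8080, 40000));
    printf("UDP 40000 -> 80:   %d\n", matches(17, 40000, 80));
    printf("TCP 40000 -> 8000: %d\n", matches(6, 40000, 8000)); /* HTTP here is missed */
    return 0;
}
```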