| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
| |||
| Do you want to know the dimension of the "-l" parameter? -l <length>: limits the packet length; determines the number of bytes read from the kernel for each packet. If you use this option, include enough bytes so the IP and protocol headers fit. If you use "-x" to print packet data, ensure the data you requested also fits. The default is calculated, so it will have all headers and data used by -x. You can see the default value in the monitor's output in square brackets. |
| |||
| I may have written just a bit cryptically :) I'll explain again: accept [9:1] = 1; see the bold number... the value can be: 1 (byte), 2 (word), 4 (dword) and, for example, if I have to filter ICMP the expression would be accept [9:1]=1; filter on ports: accept [20:2,b]=80; I'm not able to understand the meaning of :1, :2, :4..... Thanks a lot, Daniel |
| |||
| This number is how many bytes the value takes. So 9:1 means the value is stored after the 9th byte (I number bytes from 1) from the beginning of the packet and takes 1 byte. 20:2 means after the 20th byte and takes 2 bytes (word). Last edited by kva.kva; 2006-12-30 at 10:45. |
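An added example, not written by any poster in this thread and not Check Point code: a Python sketch that evaluates the `[offset:length,order]` comparisons quoted above against constructed IPv4 packets. It assumes offsets count from the start of the IP header, a 20-byte header without options, that `,b` means big-endian and that little-endian is used when no order is given; all function names are hypothetical.

```python
import re
import struct

# Operand form used in the thread: [offset:length] or [offset:length,order] = value
FIELD_RE = re.compile(r"\[\s*(\d+)\s*:\s*([124])\s*(?:,\s*([bl])\s*)?\]\s*=\s*(\d+)")

def parse_field(expr):
    """Return (offset, length, order, expected) from e.g. 'accept [20:2,b]=80;'."""
    m = FIELD_RE.search(expr)
    if not m:
        raise ValueError("no [offset:length] comparison in %r" % expr)
    offset, length, order, expected = m.groups()
    # Assumption: without ',b' the bytes are read little-endian.
    return int(offset), int(length), order or "l", int(expected)

def read_field(packet, offset, length, order):
    """Read `length` bytes that follow the first `offset` bytes of the packet."""
    if offset + length > len(packet):
        raise ValueError("field runs past the available packet bytes")
    raw = packet[offset:offset + length]
    return int.from_bytes(raw, "big" if order == "b" else "little")

def matches(expr, packet):
    offset, length, order, expected = parse_field(expr)
    return read_field(packet, offset, length, order) == expected

def ipv4(proto, payload):
    """Constructed 20-byte IPv4 header (no options, checksum left 0) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return hdr + payload

# Constructed sample packets (documentation addresses, not captured traffic).
ICMP_ECHO = ipv4(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))
TCP_FROM_80 = ipv4(6, struct.pack("!HHIIBBHHH", 80, 40000, 0, 0, 0x50, 0x02, 1024, 0, 0))

if __name__ == "__main__":
    for expr in ("accept [9:1]=1;", "accept [20:2,b]=80;", "accept [20:2]=80;"):
        print(expr, "icmp:", matches(expr, ICMP_ECHO), "tcp:", matches(expr, TCP_FROM_80))
```

The third expression shows why the order suffix matters for multi-byte fields: the same two bytes `00 50` read little-endian give 20480, not 80.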
| |||
| Quote:
biez Daniel |