simons@petium.rhein.DE (Peter Simons) wrote:

>Can anyone point me to a good documentation of the Berkeley Packet
>Filters? Reading other people's source is not a strength of mine,
>that's why I am looking for a book, web page or any other document
>that describes how to program them in detail.

You could also consider using libpcap instead, which is a layer above
bpf that also has a backend for SVR4 (non-bpf) packet
filters. ftp://ftp.ee.lbl.gov/libpcap-*.tar.Z

Not that I argue it is better than BPF, just dit should be considered
for portable programs. Newer tcpdump (3.x) use it insstead of bpf.

BTW, I found the manpage of BPF almost sufficient, this the exception
that an example with a proper read loop over the filter device is
missing.

Martin
-- 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin_Cracauer@wavehh.hanse.de http://cracauer.cons.org  Fax.: +4940 5228536
"As far as I'm concerned,  if something is so complicated that you can't ex-
 plain it in 10 seconds, then it's probably not worth knowing anyway"- Calvin