Ethereal-dev: Re: Re: [Ethereal-dev] Filtering MMS packets

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Victor Vicente <drzoidberg@xxxxxxxx>
Date: Wed, 16 Nov 2005 19:26:26 +0100

First of all, thank you for your help and explanations.

I know what port is used in the MMSC (MMS Center). Thus, I can filter the traffic using a BPF filter like this: "tcp and port xxxx". But I have a little trouble because sometimes MMS packets are fragmented, and the result of the filtering application is a set of fragmented TCP packets. These packets must be assembled into HTTP packets (just because MMS packets are built in the body of HTTP operations (POST & GET)). My question is the following: can I filter these assembled packets directly, or do I have to assemble them myself?

Thanks, Víctor


Victor wrote:

I am writing an application which has to filter all the MMS (Multimedia
Messaging Service) packets from a set of captured frames. Does anybody know
if it is possible to directly filter this kind of traffic using libpcap
and BPF filters?

The tcpdump man page describes what can be done with libpcap filter
expressions; that pretty much describes what can be done with BPF filters.

If you don't know what TCP port the traffic is going to or from, it'll be
difficult, at best, to filter for MMS packets.  BPF isn't designed to make
it easy to filter packets for arbitrary protocols, where it might be
difficult to determine whether a packet is for a given protocol (it's
designed to make it easy to stuff filter programs into an OS kernel from a
user-mode application without fear of the application putting the kernel
into an infinite loop or otherwise causing damage).


I have tried to filter only TCP packets and the
application works, but when I try to filter HTTP packets (for example),
an error occurs.

You can't say "filter for HTTP".  You can say "filter for traffic to or
from ports 80 and 8080", for example.
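
The division of work this thread describes, as an added example that is not part of the original messages: the BPF filter only selects packets by port, and the application itself puts each flow's TCP segments back in order before checking whether the HTTP body is an MMS message. The packet dictionaries, port 8002, host names and body bytes are constructed for illustration, `application/vnd.wap.mms-message` is the MIME type assumed for the MMS body, and sequence-number wraparound is not handled.

```python
MMSC_PORT = 8002  # assumed placeholder: the post elides the real port ("xxxx")
MMS_TYPE = b"application/vnd.wap.mms-message"  # MIME type of an MMS PDU in HTTP

def reassemble(segments, isn):
    """Rebuild one direction of a TCP stream from (seq, payload) pairs."""
    stream, next_seq = bytearray(), isn + 1  # first data byte follows the SYN
    for seq, data in sorted(segments):       # tolerate out-of-order arrival
        if seq > next_seq:
            break                            # hole: later bytes can't be placed
        skip = next_seq - seq                # retransmitted or overlapping bytes
        if skip < len(data):
            stream += data[skip:]
            next_seq += len(data) - skip
    return bytes(stream)

def is_mms(head):  # does the HTTP header block declare an MMS body?
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-type":
            return value.strip().lower().startswith(MMS_TYPE)
    return False

def mms_streams(packets, port=MMSC_PORT):
    """Port-match like the BPF filter, reassemble per flow, keep MMS bodies."""
    flows = {}
    for p in packets:
        if port not in (p["sport"], p["dport"]):
            continue
        key = (p["src"], p["sport"], p["dst"], p["dport"])
        flow = flows.setdefault(key, {"isn": None, "segs": []})
        if p["syn"]:
            flow["isn"] = p["seq"]
        elif p["payload"]:
            flow["segs"].append((p["seq"], p["payload"]))
    hits = {}
    for key, flow in flows.items():
        if flow["isn"] is not None:          # skip flows captured mid-stream
            head, sep, body = reassemble(flow["segs"], flow["isn"]).partition(b"\r\n\r\n")
            if sep and is_mms(head):
                hits[key] = body
    return hits

# Constructed sample: one POST in three segments, out of order, one retransmit.
REQ = (b"POST /mms HTTP/1.1\r\nHost: mmsc.example\r\nContent-Type: "
       b"application/vnd.wap.mms-message\r\nContent-Length: 4\r\n\r\n\x8c\x80\x98\x31")
def pkt(seq, payload, syn=False, dport=MMSC_PORT):
    return dict(src="10.0.0.2", sport=40000, dst="10.0.0.9", dport=dport,
                seq=seq, payload=payload, syn=syn)
SAMPLE = [pkt(1000, b"", syn=True), pkt(1041, REQ[40:90]), pkt(1001, REQ[:40]),
          pkt(1041, REQ[40:90]), pkt(1091, REQ[90:]), pkt(7, b"GET / HTTP/1.1\r\n\r\n", dport=80)]
```

A flow with a missing segment yields no hit here, because the header block never completes; a capture tool should report such gaps rather than silently drop the message.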