Guy Harris wrote:
As per that bug, turn off the optimizer:
tcpdump -i eth0 -O '(tcp[0:2]>=1024) && (tcp[0:2] <=6)'
That did it. Thank you.
Ed
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
ibpcap version 0.6
and
# ./tcpdump -V
tcpdump version 3.8
libpcap version 0.7.2
I'm using:
tcpdump 3.8.3
libpcap 0.8.3
I should try an earlier version.
could it be your shell?
I'm using bash 2.05b.0 on Linux.
-alexm
20:51 24/08/2004
On Tue, 24 Aug 2004, Ed Sawicki wrote:
I'm runni
There appears to be a parser error with compound
expressions like this:
tcpdump -i eth0 '(tcp[0:2]>=1024) && (tcp[0:2] <=6)'
Is there a way around this?
Ed
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
I'm running the latest versions of tcpdump and pcap. I can't
filter on tcp port ranges.
These don't work - no packets are captured:
tcpdump -i eth1 tcp[0:2] > 1023 and tcp[0:2] < 6
tcpdump -i eth1 'tcp[0:2] > 1023 and tcp[0:2] < 6'
tcpdump -i eth1 'tcp[0:2] > 1023' and 'tcp[0:2] < 6'
tc
