At 04:42 PM 12/11/2001 +0100, [EMAIL PROTECTED] wrote:
> > I would like to know if it is possible to filter with PCAP on a range of
> > ports by using "pcap_compile" function.
> >
> > I tried several filter expressions but each one was rejected by the
> > function :
> >
> > Examples of expressions I tried :
> >
> > "ip and (port >= 1000 and port <= 2000)"
> > "ip and (port 1000 >= port 2000)"
>
>Not directly, as far as I know. But you can do things like
>
>"tcp[2:2] >= 1000 and tcp[2:2] <= 2000"
>
>to filter on TCP destination port within a specified range.
>
>Steinar Haug, Nethelp consulting, [EMAIL PROTECTED]

Hello,

I tried using

    tcpdump -xs 1500 -i eth0 "tcp[2:2]>=1000 and tcp[2:2]<=2000"

but it doesn't capture anything. When I tried

    tcpdump -xs 1500 -i eth0 tcp[2:2]=1500

it worked out fine (it captured everything with the dst port 1500).
I'm using Linux with bash as a shell. What am I doing wrong?

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
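What the expression "tcp[2:2] >= 1000 and tcp[2:2] <= 2000" quoted in the thread asks the capture engine to check on each packet, written out as an added example (not code from the thread or from libpcap). It assumes an Ethernet link layer; tcp_dport_in_range and build_frame are hypothetical names and the frames are constructed test data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 when an Ethernet frame would match
 * "tcp[2:2] >= lo and tcp[2:2] <= hi", 0 otherwise. */
int tcp_dport_in_range(const uint8_t *f, size_t len, uint16_t lo, uint16_t hi)
{
    if (len < 14 + 20) return 0;                        /* Ethernet + minimal IPv4 header */
    if (f[12] != 0x08 || f[13] != 0x00) return 0;       /* "tcp[...]" implies IPv4 only */
    const uint8_t *ip = f + 14;
    if (ip[9] != 6) return 0;                           /* IP protocol must be TCP */
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0) return 0; /* later fragments carry no TCP header */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;            /* IP options move the TCP header */
    if (len < 14 + ihl + 4) return 0;                   /* out-of-bounds load rejects the packet */
    const uint8_t *tcp = ip + ihl;
    uint16_t dport = (uint16_t)((tcp[2] << 8) | tcp[3]); /* [2:2]: 2 bytes at offset 2, big-endian */
    return dport >= lo && dport <= hi;
}

/* Constructed sample frame: Ethernet + IPv4 (ihl_words * 4 bytes) + 20-byte L4 header. */
size_t build_frame(uint8_t *b, unsigned ihl_words, uint8_t proto,
                   uint16_t frag_off, uint16_t dport)
{
    size_t ihl = (size_t)ihl_words * 4, len = 14 + ihl + 20;
    memset(b, 0, len);
    b[12] = 0x08; b[13] = 0x00;                    /* EtherType IPv4 */
    b[14] = (uint8_t)(0x40 | ihl_words);           /* version 4, header length */
    b[20] = (uint8_t)(frag_off >> 8); b[21] = (uint8_t)frag_off;
    b[23] = proto;
    b[14 + ihl + 2] = (uint8_t)(dport >> 8);       /* destination port, network order */
    b[14 + ihl + 3] = (uint8_t)dport;
    return len;
}

int main(void)
{
    uint8_t buf[128];
    size_t n = build_frame(buf, 5, 6, 0, 1500);
    printf("TCP dport 1500:          %d\n", tcp_dport_in_range(buf, n, 1000, 2000));
    n = build_frame(buf, 6, 6, 0, 2001);
    printf("TCP dport 2001, options: %d\n", tcp_dport_in_range(buf, n, 1000, 2000));
    n = build_frame(buf, 5, 17, 0, 1500);
    printf("UDP dport 1500:          %d\n", tcp_dport_in_range(buf, n, 1000, 2000));
    return 0;
}
```

Later libpcap releases also accept the portrange primitive, for example "tcp dst portrange 1000-2000", which expresses the same range without byte offsets.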