On Mar 31, 2005, at 7:20 AM, Gabriel wrote:
Hello, I tried using tcpdump -xs 1500 -i eth0 "tcp[2:2]>=1000 and tcp[2:2]<=2000" but it doesn't capture anything. When I tried tcpdump -xs 1500 -i eth0 tcp[2:2]=1500 it worked out fine (it captured everything with the dst port 1500). I'm using linux with bash as a shell. What am I doing wrong?
What you're doing wrong might be "assuming that libpcap is bug-free".
Does
tcpdump -O -xs 1500 -i eth0 "tcp[2:2]>=1000 and tcp[2:2]<=2000"
work?
If so, what do
tcpdump -d -i eth0 "tcp[2:2]>=1000 and tcp[2:2]<=2000"
and
tcpdump -O -d -i eth0 "tcp[2:2]>=1000 and tcp[2:2]<=2000"
print?
- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
