tcpdump capture filter help

Doug O'Leary
Honored Contributor

tcpdump capture filter help

Hey;

I'm trying to set up a capture filter between a host and 5 peers. I've tried:

tcpdump -C 50 -w ${file} host 192.168.42.26 || host 192.168.14.218 || host 192.168.14.241 || host 10.192.22.26 || host 10.192.22.25 || host 192.168.99.64

and

tcpdump -C 50 -w ${file} host 192.168.42.26 || 192.168.14.218 || 192.168.14.241 || 10.192.22.26 || 10.192.22.25 || 192.168.99.64

however, I don't seem to be catching any packets. That last IP is the system from which I've ssh'ed into the target host so I *know* there's traffic flowing.

When I do a simple:

tcpdump -C 50 -w ${file} host 192.168.66.94

I get lots of packets.

Can someone point out what I'm missing? Thanks.

Doug O'Leary


------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
2 REPLIES
Doug O'Leary
Honored Contributor

Re: tcpdump capture filter help

hey;

Naturally, as soon as I post a question, I figure it out...**bleep** quotes :)

tcpdump -C 50 -w ${file} 'host 192.168.42.26 || 192.168.14.218 || 192.168.14.241 || 10.192.22.26 || 10.192.22.25 || 192.168.99.64'


BowlesCR
Advisor

Re: tcpdump capture filter help

Good to hear. FYI, if you've used Wireshark, it leverages the same library as tcpdump, so the capture filter syntax is the same (other than the quotes).
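The quoting fix from this thread, as an added example that is not part of the original posts: unquoted, the shell consumes `||` as its own OR-list operator, so tcpdump only ever receives `host 192.168.42.26`. The names `record_args` (a stand-in for tcpdump that only reports its arguments) and `build_host_filter` are hypothetical helpers.

```shell
#!/bin/sh
# Added example. record_args is a hypothetical stand-in for tcpdump: it prints
# each argument it was handed, one per line, so the shell's parsing is visible.
PEERS="192.168.42.26 192.168.14.218 192.168.14.241 10.192.22.26 10.192.22.25 192.168.99.64"

record_args() {
    for a in "$@"; do printf '[%s]\n' "$a"; done
}

# Unquoted, as first posted: the shell splits the line at each ||. The first
# command gets only "host 192.168.42.26"; the rest would run as separate
# commands, and only if the first one exited non-zero.
unquoted_case() {
    record_args host 192.168.42.26 || host 192.168.14.218 || host 192.168.99.64
}

# Quoted, as in the fix: the whole expression reaches the program as one argument.
quoted_case() {
    record_args 'host 192.168.42.26 || 192.168.14.218 || 192.168.99.64'
}

# Build "host A or host B ..." from a peer list. Only dotted-quad shaped input is
# accepted (octet ranges are left for tcpdump's filter compiler to check), so a
# stray token or shell metacharacter never ends up inside the expression.
build_host_filter() (
    filter=""
    for ip in "$@"; do
        case $ip in
            ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*.*) echo "rejected: $ip" >&2; exit 1 ;;
            *.*.*.*) ;;
            *) echo "rejected: $ip" >&2; exit 1 ;;
        esac
        filter="${filter:+$filter or }host $ip"
    done
    [ -n "$filter" ] && printf '%s\n' "$filter"
)

echo "unquoted, what the program sees:"; unquoted_case
echo "quoted, what the program sees:";   quoted_case
# $PEERS is left unquoted on purpose so it splits into one word per address.
FILTER=$(build_host_filter $PEERS)
# The capture itself is only printed here; the filter goes in as ONE quoted argument.
printf 'tcpdump -C 50 -w "${file}" "%s"\n' "$FILTER"
```

Using the word `or` instead of `||` in the filter gives the shell nothing to misinterpret if the quotes are ever dropped again; tcpdump then fails with a syntax error or captures as intended, rather than silently filtering on the first host only.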