HPE Community
Operating System - HP-UX
1753321 Members
6202 Online
108792 Solutions
New Discussion

tcpdump capture filter helo

 
Doug O'Leary
Honored Contributor

‎08-23-2011 09:36 AM

‎08-23-2011 09:36 AM

tcpdump capture filter helo

Hey;

 

I'm trying to set up a capture filter between a host and 5 peers.  I've tried:

 

tcpdump -C 50 -w ${file} host 192.168.42.26 || host 192.168.14.218 || host 192.168.14.241 || host 10.192.22.26 || host 10.192.22.25 || host 192.168.99.64

 

and

 

tcpdump -C 50 -w ${file} host 192.168.42.26 || 192.168.14.218 || 192.168.14.241 || 10.192.22.26 || 10.192.22.25 || 192.168.99.64

 

however, I don't seem to be catching any packets.  That last IP is the system from which I've ssh'ed into the target host so I *know* there's traffic flowing.

 

When I do a simple:

tcpdump -C 50 -w ${file} host 192.168.66.94

I get lots of packets.   

 

Can someone point out what I'm missing?  Thanks.

 

Doug O'Leary


------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
Reply
2 REPLIES 2
Doug O'Leary
Honored Contributor

‎08-23-2011 09:48 AM

‎08-23-2011 09:48 AM

Re: tcpdump capture filter helo

hey;

 

Naturally, as soon as I post a question, I figure it out...**bleep** quotes :)

 

tcpdump -C 50 -w ${file} 'host 192.168.42.26 || 192.168.14.218 || 192.168.14.241 || 10.192.22.26 || 10.192.22.25 || 192.168.99.64'


------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
Reply
BowlesCR
Advisor

‎09-01-2011 07:27 AM

‎09-01-2011 07:27 AM

Re: tcpdump capture filter helo

Good to hear. FYI, if you've used Wireshark, it leverages the same library as tcpdump, so the capture filter syntax is the same (other than the quotes)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.