Linux - Security: This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
I need some direction on a tcpdump statement that isn't working correctly.
What I'm trying to do is filter on a range of ports. What I've got is something like: tcpdump "tcp[0:2] >= 8192 and tcp[0:2] <= 8294"
If I just do the tcp[0:2] >= 8192 it works fine. Same with just doing the <= 8294. But when I combine them together with an 'and' it filters everything out and I see no traffic at all, even when it's in that port range.
Have checked all the sources I know to check and they all seem to indicate the syntax of the statement is correct. Am I missing something? I'm wondering if there's another way to deal with ranges.
Strange... Using your exact expression, it works just fine here. I don't know much about the tcpdump expression stuff and don't have a lot of time to research it, but I just thought I'd let you know, at minimum, that it was working OK.
Try it for a different range of ports.
Try using '&&' instead of 'and'.
I have tried it with other port ranges with the same results. Also tried with &&, but that didn't provide any different results than using 'and'. Don't know what's going on here...
After some testing, I found out that using 'and' does work, just not when it's the same offset in both parts of the statement.
For example:
tcpdump 'tcp[0:2] > 100 and tcp[2:2] < 200' works as expected.
tcpdump 'tcp[0:2] > 100 and tcp[0:2] < 200' filters out everything instead of providing the traffic within that range.
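As an added example (not code from this thread), here is a small Python model of what the byte-offset expressions above test: tcp[0:2] is the TCP source port and tcp[2:2] the destination port, so two comparisons on the same offset are a logically sound range test on the source port alone, and covering either end of a connection needs both fields (what tcpdump's own 'tcp portrange low-high' primitive expresses, in versions that have it). The TCP headers are constructed for the demonstration.

```python
import struct


def build_tcp_header(src_port, dst_port):
    # Constructed 20-byte TCP header: ports, seq, ack, data offset, flags (SYN),
    # window, checksum, urgent pointer. Only the port fields matter here.
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 65535, 0, 0)


def tcp_field(tcp, offset, size):
    # Mirrors tcpdump's tcp[offset:size]: 'size' bytes from the start of the
    # TCP header, read big-endian (network byte order).
    return int.from_bytes(tcp[offset:offset + size], "big")


def matches_same_offset(tcp, low, high):
    # 'tcp[0:2] >= low and tcp[0:2] <= high' as written in the thread:
    # both comparisons apply to the source port field only.
    return tcp_field(tcp, 0, 2) >= low and tcp_field(tcp, 0, 2) <= high


def matches_either_port(tcp, low, high):
    # Range on source OR destination port, i.e. traffic to or from the range;
    # tcp[2:2] is the destination port.
    src, dst = tcp_field(tcp, 0, 2), tcp_field(tcp, 2, 2)
    return low <= src <= high or low <= dst <= high


def filter_segments(segments, low, high, predicate):
    # Return the indexes of the segments the predicate would let through.
    return [i for i, seg in enumerate(segments) if predicate(seg, low, high)]


# Constructed sample segments for the 8192-8294 range from the thread.
SEGMENTS = [
    build_tcp_header(8200, 443),  # source port inside the range
    build_tcp_header(443, 8200),  # only the destination port inside the range
    build_tcp_header(22, 80),     # neither port inside the range
]

if __name__ == "__main__":
    print("same offset  :", filter_segments(SEGMENTS, 8192, 8294, matches_same_offset))
    print("either port  :", filter_segments(SEGMENTS, 8192, 8294, matches_either_port))
```

On the real tool, tcpdump -d '<expression>' prints the compiled BPF program and exits without capturing, so the two expressions from the thread can be compared instruction by instruction.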