Old 04-25-2005, 03:02 PM   #1
LQ Newbie
Registered: Mar 2005
Posts: 6

Rep: Reputation: 0
Question Filtering a range of ports

I am needing some direction on a tcpdump statement that isn't working correctly.

What I'm trying to do is filter on a range of ports. What I've got is something like: tcpdump "tcp[0:2] >= 8192 and tcp[0:2] <= 8294"

If I just do the tcp[0:2] >= 8192 it works fine. Same with just doing the <=8294. But when I combine them together with an 'and' it filters everything out and I see no traffic at all, even when it's in that port range.

Have checked all the sources I know to check and they all seem to indicate the syntax of the statement is correct. Am I missing something? I'm wondering if there's another way to deal with ranges.
Old 04-25-2005, 03:54 PM   #2
Registered: Sep 2002
Location: Tulsa, OK
Distribution: Slack, baby!
Posts: 349

Rep: Reputation: 33

Strange.. Using your exact expression, it works just fine here. I don't know much about the tcpdump expression stuff, and don't have a lot of time to research it, but just thought I'd let you know, at minimum, that it was working ok.

Try it for a different range of ports.
Try using '&&' instead of 'and'.

Sorry to not be of more help.. )=
Old 04-25-2005, 04:32 PM   #3
LQ Newbie
Registered: Mar 2005
Posts: 6

Original Poster
Rep: Reputation: 0
Thanks for the feedback.

I have tried it with other port ranges with the same results. Also tried with &&, but that didn't provide any different results than using 'and'. Don't know what's going on here...
Old 04-27-2005, 12:09 PM   #4
LQ Newbie
Registered: Mar 2005
Posts: 6

Original Poster
Rep: Reputation: 0
Some more info...

After some testing, found out that doing the 'and' does work....just not when it's the same offset in both parts of the statement.

For example:
tcpdump 'tcp[0:2] > 100 and tcp[2:2] < 200' this works as expected.
tcpdump 'tcp[0:2] > 100 and tcp[0:2] < 200' filters out everything instead of providing traffic within that range

Anyone know what's up with this?
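Added example, not part of any post in this thread: a reference evaluation of the range filter discussed above, showing which packets 'tcp[0:2] >= 8192 and tcp[0:2] <= 8294' is expected to match so that tcpdump's output can be checked against it. The helper names, the sample packets and the 192.0.2.x addresses are constructed for illustration, and only IPv4 is handled.

```python
import struct

def tcp_packet(src_port, dst_port, frag_offset=0):
    """Build a constructed 40-byte IPv4+TCP packet (no options, no payload)."""
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 40, 0, frag_offset & 0x1FFF, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH",
                      src_port, dst_port, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ip + tcp

def tcp_field(packet, offset, size):
    """Value of tcp[offset:size], or None when the expression cannot match."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None  # not IPv4, or IP protocol is not TCP
    if struct.unpack_from("!H", packet, 6)[0] & 0x1FFF:
        return None  # later fragment: it carries no TCP header
    start = (packet[0] & 0x0F) * 4 + offset  # IHL locates the TCP header
    if size not in (1, 2, 4) or start + size > len(packet):
        return None
    return int.from_bytes(packet[start:start + size], "big")

def src_port_in_range(packet, low, high):
    """Reference result for 'tcp[0:2] >= low and tcp[0:2] <= high'."""
    value = tcp_field(packet, 0, 2)  # bytes 0-1 of the TCP header: source port
    return value is not None and low <= value <= high

def matching_ports(packets, low, high):
    """Source ports of the packets the range filter should let through."""
    return [tcp_field(p, 0, 2) for p in packets
            if src_port_in_range(p, low, high)]

# Constructed sample traffic around both edges of the 8192-8294 range.
SAMPLES = [tcp_packet(p, 80) for p in (8191, 8192, 8250, 8294, 8295)]

if __name__ == "__main__":
    print(matching_ports(SAMPLES, 8192, 8294))
```

When tcpdump's output disagrees with this reference, `tcpdump -d` prints the compiled filter program and `-O` disables the filter optimizer, which allows the two compiled forms to be compared.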

