[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: tcpdump expression feature request

To: "'Oblek'" <oblek@lug.stikom.edu>
Subject: Re: tcpdump expression feature request
From: <openbsd-misc@netchan.cotse.net>
Date: Thu, 11 Sep 2003 01:35:28 -0500
Cc: <misc@openbsd.org>

Ugh, I missed the point that openbsd's tcpdump can't use 'vlan' in
filters. Can't it be replaced by some manual ether[] trick? Like
ether[12:2]=0x8100 (afaik this marks the tagged based vlans), so the
original:

vlan and icmp[icmp-type] = icmp-echo or tcp[tcpflags] = tcp-syn

would translate as

ether[12:2]=0x8100 and (icmp[0]=0 or icmp[0]=8) or tcp[13]=2

Sandor


> -----Original Message-----
> From: Oblek [mailto:oblek@lug.stikom.edu] 
> Sent: Wednesday, September 10, 2003 8:55 PM
> To: openbsd-misc@netchan.cotse.net
> Cc: misc@openbsd.org
> Subject: Re: tcpdump expression feature request
> 
> 
> > You can do that, check tcpdump manual for examples.
> 
> Unfortunatelly not (yet), I've check it out against
> tcpdump manual on 3.4, but yesterday Chris Kuethe
> gave me a lengthy notes about tcpdump filter expression
> you can find in:
> 
http://staff.washington.edu/dittrich/talks/core02/tools/tcpdump-filters.
txt

References:
- Re: tcpdump expression feature request
  - From: Oblek <oblek@lug.stikom.edu>

Prev by Date: Re: errors in "stock" spamd.conf
Next by Date: Re: errors in "stock" spamd.conf
Prev by thread: Re: tcpdump expression feature request
Next by thread: No "Modem device" in KPPP!!
Index(es):
- Date
- Thread