tcpdump mailing list archives
Re: How does one filter on multiple parameters?
From: Guy Harris <guy () netapp com>
Date: Thu, 27 Feb 2003 16:34:32 -0800
On Thu, Feb 27, 2003 at 04:22:37PM -0800, Jeff Wong wrote:
If I wanted to filter on port 21 and port 22, how could this be done? I want to filter on the ip packets on port 21 and port 22 char *filter "ip port 21 port 22"?
There are no ports in IP, so you cannot filter on IP packets on port 21 and port 22, and you can't say "ip port 21". There are ports in TCP and in UDP; do you want to filter on TCP ports 21 and 22, UDP ports 21 and 22, or both TCP and UDP ports 21 and 22? I shall assume TCP for now (as those are the FTP control and data ports); for UDP, replace "tcp" with "udp", and, for both, do more "or"ing.
From the tcpdump man page (which is, for better or worse, the place
where libpcap filter syntax is documented): expression selects which packets will be dumped. If no expression is given, all packets on the net will be dumped. Oth- erwise, only packets for which expression is `true' will be dumped. The expression consists of one or more primitives. ... Primitives may be combined using: A parenthesized group of primitives and operators (parentheses are special to the Shell and must be escaped). Negation (`!' or `not'). Concatenation (`&&' or `and'). Alternation (`||' or `or'). Negation has highest precedence. Alternation and con- catenation have equal precedence and associate left to right. Note that explicit and tokens, not juxtaposi- tion, are now required for concatenation. If an identifier is given without a keyword, the most recent keyword is assumed. For example, not host vs and ace is short for not host vs and host ace which should not be confused with not ( host vs or ace ) so it's be tcp port 21 or tcp port 22 or just tcp port 21 or 22 - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- question subramoni padmanabhan (Feb 27)
- How does one filter on multiple parameters? Jeff Wong (Feb 27)
- Re: How does one filter on multiple parameters? Guy Harris (Feb 27)
- <Possible follow-ups>
- Question Gustavo Sevillano (Mar 18)
- How does one filter on multiple parameters? Jeff Wong (Feb 27)