Re: filtering port ranges

[Ed Sawicki <ed () alcpress com>]

alex medvedev wrote:

> Hi Ed,
>
> this is strange, because at least:
>
> # tcpdump tcp[0:2] \> 1 and tcp[0:2] \< 79
> # tcpdump 'tcp[0:2] > 1 and tcp[0:2] < 79'
>
> both correctly work for me
These do not work for me. No packets are displayed.


> on
>
> # tcpdump -V
> tcpdump version 3.6
> libpcap version 0.6
>
> and
>
> # ./tcpdump -V
> tcpdump version 3.8
> libpcap version 0.7.2
>  
I'm using:
tcpdump 3.8.3
libpcap 0.8.3

I should try an earlier version.

> could it be your shell?
>  
I'm using bash 2.05b.0 on Linux.



> -alexm
> 20:51 24/08/2004
>
>
>
> On Tue, 24 Aug 2004, Ed Sawicki wrote:
>
>  
>
> > I'm running the latest versions of tcpdump and pcap. I can't
> > filter on tcp port ranges.
> >
> > These don't work - no packets are captured:
> >
> > tcpdump -i eth1 tcp[0:2] > 1023 and tcp[0:2] < 60000
> > tcpdump -i eth1 'tcp[0:2] > 1023 and tcp[0:2] < 60000'
> > tcpdump -i eth1 'tcp[0:2] > 1023' and 'tcp[0:2] < 60000'
> > tcpdump -i eth1 'tcp[0:2]>1023' and 'tcp[0:2]<60000'
> > tcpdump -i eth1 \( 'tcp[0:2] > 1023' and 'tcp[0:2] < 60000' \)
> >
> > Is there a way to make this work?
> >
> > Ed
> > -
> > This is the tcpdump-workers list.
> > Visit https://lists.sandelman.ca/ to unsubscribe.
> >
> >    
>
>
>
> -
> This is the tcpdump-workers list.
> Visit https://lists.sandelman.ca/ to unsubscribe.
>  

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.