Re: Sniffing ranges of ips

[MMatos <razielukain () gmail com>]

Jefferson Ogata wrote:

> Jefferson Ogata wrote:
>
> > MMatos wrote:
> >
> > > I want to write a little program that analyses packets within a 
> > > given ip range.
> > >
> > > My current problem is to set a filter that work with ip ranges.
> > >
> > > For example I want to dump all traffic that arrives to my box from 
> > > ips 192.168.2.15 to 192.168.2.40
> > > I could write all the ips in the range but that's not a good 
> > > solution, so how can implement that filter correctly using the range?
> > >
> > > some kind of
> > > $tcpdump "src 192.168.2.15/40"           :)
> >
> >
> >
> > Use the attached perl scripts, e.g.:
> >
> > tcpdump [options] `./genrange.pl 192.168.2.15 192.168.2.40 | 
> > ./aggregate.pl | ./iptcpdump.pl src`
>
>
> Or you can do something more utilitarian, such as:
>
> tcpdump [options] '( ip[12:4] >= 0xc0a8020f ) and ( ip[12:4] <= 
> 0xc0a80228 )'

First of all thanks for the precious help you give me !

I' ve been analysing the scripts and they expand the ranges to all ips 
and then work around with the netmasks ..

Indead i like the 2nd way you're sugesting but i've a little doubt:

Lets pick ip[12:4] 

The ip is self explanatory; the 4 represents the 4th word of the ip 
datagram wich corresponds to the source adress  (right?) but i'm unable 
to find out  the purpose of the number 12 .
Can you enlight me about that?

Thanks .

MMatos

--
Question.Do you use Linux exclusively, or do you use other operating systems as well?

Alan Cox: I run Linux on pretty much everything except the microwave and washing machine. Those are tempting targets but would probably make Telsa extremely cross. 

--  Behind the scenes --
http://www.opensource.org/halloween/

-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.