tcpdump mailing list archives
Re: BPF filter for tcp syn for ipv6
From: Richard Bejtlich <taosecurity () gmail com>
Date: Thu, 11 Feb 2010 16:54:53 -0500
On Thu, Feb 11, 2010 at 10:24 AM, Ritesh Rekhi <rrekhi () brocade com> wrote:
> Hi all,
> I want to filter TCP SYN packets which are coming using IPv6 addresses. I am not able to find the BPF filter for that. Can somebody help me to find the right BPF filter? I have already tried "tcp[tcpflags] & (tcp-syn) != 0", which doesn't work for IPv6 traffic.
Hello,

In situations like this it is helpful to troubleshoot with the -d option

http://taosecurity.blogspot.com/2004/12/understanding-tcpdumps-d-option-part-2.html

I learned about this a while back from a post Guy Harris made -- really changed the way I develop filters.

Sincerely,

Richard
-
This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
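Added example, not part of the original post or of tcpdump's own code: a Python sketch of what a fixed-offset IPv6 SYN filter such as `ip6[6] == 6 and ip6[53] & 0x02 != 0` tests, next to a check that walks the extension header chain first. The packets are constructed samples and the function names are illustrative.

```python
import struct

TCP, SYN = 6, 0x02
# Extension headers laid out as (next header, length in 8-byte units minus 1):
# hop-by-hop, routing, destination options. Fragment and AH headers use
# other length rules and are not handled in this sketch.
EXT_HEADERS = {0, 43, 60}

def fixed_offset_syn(pkt: bytes) -> bool:
    """Same test as 'ip6[6] == 6 and ip6[53] & 0x02 != 0' on a raw IPv6 packet."""
    return len(pkt) > 53 and pkt[0] >> 4 == 6 and pkt[6] == TCP and pkt[53] & SYN != 0

def walking_syn(pkt: bytes) -> bool:
    """Follow the extension header chain to TCP, then test the flags byte."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return False
    nxt, off = pkt[6], 40
    while nxt in EXT_HEADERS:
        if off + 2 > len(pkt):
            return False
        nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    return nxt == TCP and off + 13 < len(pkt) and pkt[off + 13] & SYN != 0

def build(flags: int, ext: bytes = b"") -> bytes:
    """Constructed sample: IPv6 header [+ extension header] + 20-byte TCP header."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, flags, 65535, 0, 0)
    first = 0 if ext else TCP  # 0 = hop-by-hop options comes first
    ip6 = struct.pack("!IHBB", 6 << 28, len(ext) + len(tcp), first, 64)
    ip6 += bytes(15) + b"\x01" + bytes(15) + b"\x02"  # ::1 -> ::2
    return ip6 + ext + tcp

# Hop-by-hop header: next header = TCP, length 0 (8 bytes), one PadN option.
HOP_BY_HOP = bytes([TCP, 0, 1, 4, 0, 0, 0, 0])

if __name__ == "__main__":
    for name, pkt in [("SYN", build(0x02)), ("ACK", build(0x10)),
                      ("SYN after hop-by-hop", build(0x02, HOP_BY_HOP))]:
        print(f"{name}: fixed={fixed_offset_syn(pkt)} walking={walking_syn(pkt)}")
```

The fixed-offset form only sees TCP when it directly follows the 40-byte IPv6 header, which is worth knowing when the filter feeds a detection or capture rule.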