Help the Newbies

turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Fry Mac
Fry
Mac
Posts: 8
Registered: 06-16-2010
0

Re: TCPDUMP Filter Question

Options

11-20-2011 06:34 PM

Thank you Edwin !

Message 1 of 3 (566 Views)
 
Reply
Moderator
Moderator
Edwin Groothuis
Posts: 388
Registered: 10-19-2008
0

TCPDUMP Filter Question

Options

11-18-2011 03:16 AM

The ip[] thingie takes the 40th byte from the beginning of the IP header and compares is it 0x01010101.

If the packet is a GRE encapsulated, that is the location of the original source IP address.

Edwin
--
Edwin Groothuis - Riverbed Support

If this answered your question, please click "Accept as Solution" ------->
Message 2 of 3 (791 Views)
 
Reply
Fry Mac
Fry
Mac
Posts: 8
Registered: 06-16-2010
0

TCPDUMP Filter Question

Options

11-17-2011 08:13 PM

Hi,

 

Can someone help me with the following:

1. I saw this part in a tcpdump filter:

((ip[40:4] = 0x01010101 and ip[44:4] = 0x02020202 ) or (ip[40:4] = 0x02020202 and ip[44:4] = 0x01010101 ))

 

Can someone please help me to interpret the meaning of the above lines.

 

 

2. Can someone share to me a document or url where I can gain better undertanding on how to create tcpdump filter from simple to complex.

 

Thank you in advance !

Message 3 of 3 (808 Views)
 
Reply

© Copyright 2012 Riverbed Technology. All rights reserved Riverbed.com | Contact Us | Technical Support | Terms & Conditions | Privacy Policy

‬‪‬‪‬‪