https://stackoverflow.com/questions/18209901
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russiantry the following:
tcpdump -i eth0 -X -v -s 1514 'udp[40:4] = 0x31323334'
Afaik, proto relop filters should match only the protocol you specify, -n udp should not be needed.
tcpdump of udp packets containing data
Question
Running linux ubuntu.
Essentially, why is this command a syntax error: -
tcpdump -i eth0 -n udp -X -v -s 1514 'tcp[40:4] = 0x31323334'
Which should show udp packets with '1234' at the 40th byte.
I mean, I get that udp isn't a tcp packet, but the logic should still work. Given it doesn't how can I write this?
Solution
OTHER TIPS
tcpdump is confused what to take as filtering parameter. When you've explicitly used udp, then it captures all the udp packets or if you want particular udp packet then you can specify the offset. So, based on what you need either specify udp with offset or simply udp if you want to capture all the udp packets. Something like below should meet your requirement:
tcpdump -i eth0 -n -X -v -s 1514 'udp[40:4] = 0x31323334'
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
