Forum Discussion
moog67_108621
Jul 14, 2014Nimbostratus
tcpdump portrange option
Hi everyone,
I'm trying to capture traffic directed to a certain range of tcp ports with tcpdump.
When using the "portrange" expression I get a syntax error:
tcpdump -i -s0 -w capture_file...
- Jul 18, 2014
try:
tcpdump -i SRV -s0 -w capture_file.trc port 8080 or port 8081 or port 8082
This worked for me, I saw traffic on all 3 ports in both directions in my dump. My only diff was the interface name.
This was on 10.2.4 HF5, tcpdump version 3.9.4, libpcap version 0.7.2
Again, no idea why portrange doesn't work, but I can confirm the same problem on this version.
adityoari_14383
Jul 14, 2014Historic F5 Account
is that the syntax you actually used? because it's missing the interface name
- moog67_108621Jul 14, 2014NimbostratusOoops!! I guess it was a copy/paste issue... The actual syntax I'm using is: tcpdump -i SRV -s0 -w capture_file.trc portrange 8080-8082 Where SRV is the alias for the interface where the traffic is coming/going. I'm just interested in the traffic directed to TCP ports 8080,8081 and 8082. Thanks moog67
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects