Forum Discussion

moog67_108621's avatar
moog67_108621
Icon for Nimbostratus rankNimbostratus
Jul 14, 2014

tcpdump portrange option

Hi everyone,   I'm trying to capture traffic directed to a certain range of tcp ports with tcpdump. When using the "portrange" expression I get a syntax error:   tcpdump -i -s0 -w capture_file...
application delivery
LTM
management
performance
  • mimlo_61970's avatar
    mimlo_61970
    Jul 18, 2014

    try:

     

    tcpdump -i SRV -s0 -w capture_file.trc port 8080 or port 8081 or port 8082

     

    This worked for me, I saw traffic on all 3 ports in both directions in my dump. My only diff was the interface name.

     

    This was on 10.2.4 HF5, tcpdump version 3.9.4, libpcap version 0.7.2

     

    Again, no idea why portrange doesn't work, but I can confirm the same problem on this version.

     

adityoari_14383's avatar
adityoari_14383
Historic F5 Account
Jul 14, 2014

is that the syntax you actually used? because it's missing the interface name

 

  • moog67_108621's avatar
    moog67_108621
    Icon for Nimbostratus rankNimbostratus
    Jul 14, 2014
    Ooops!! I guess it was a copy/paste issue... The actual syntax I'm using is: tcpdump -i SRV -s0 -w capture_file.trc portrange 8080-8082 Where SRV is the alias for the interface where the traffic is coming/going. I'm just interested in the traffic directed to TCP ports 8080,8081 and 8082. Thanks moog67