Packet Captures: Difference between revisions
Content added Content deleted
m (→TCP Flags: m) |
m (→Capture Filter Primitives: m) |
||
Line 348: | Line 348: | ||
====Capture Filter Primitives==== |
====Capture Filter Primitives==== |
||
[src|dst] host <host> Matches a host as the IP source, destination, or either |
[src|dst] host <host> Matches a host as the IP source, destination, or either |
||
ether [src|dst] host <ehost> Matches a host as the Ethernet source, destination, or either |
ether [src|dst] host <ehost> Matches a host as the Ethernet source, destination, or either |
||
gateway host <host> Matches packets which used host as a gateway |
gateway host <host> Matches packets which used host as a gateway |
||
[src|dst] net <network>/<len> Matches packets to or from an endpoint residing in network |
[src|dst] net <network>/<len> Matches packets to or from an endpoint residing in network |
||
[tcp|udp] [src|dst] port <port> Matches TCP or UDP packets sent to/from port |
[tcp|udp] [src|dst] port <port> Matches TCP or UDP packets sent to/from port |
||
[tcp|udp] [src|dst] portrange <p1>-<p2> Matches TCP or UDP packets to/from a port in the given range |
[tcp|udp] [src|dst] portrange <p1>-<p2> Matches TCP or UDP packets to/from a port in the given range |
||
less <length> Matches packets less than or equal to length |
less <length> Matches packets less than or equal to length |
||
greater <length> Matches packets greater than or equal to length |
greater <length> Matches packets greater than or equal to length |
||
(ether|ip|ip6) proto <protocol> Matches an Ethernet, IPv4, or IPv6 protocol |
(ether|ip|ip6) proto <protocol> Matches an Ethernet, IPv4, or IPv6 protocol |
||
(ether|ip) broadcast Matches Ethernet or IPv4 broadcasts |
(ether|ip) broadcast Matches Ethernet or IPv4 broadcasts |
||
(ether|ip|ip6) multicast Matches Ethernet, IPv4, or IPv6 multicasts |
(ether|ip|ip6) multicast Matches Ethernet, IPv4, or IPv6 multicasts |
||
type (mgt|ctl|data) [subtype <subtype>] Matches 802.11 frames based on type and optional subtype |
type (mgt|ctl|data) [subtype <subtype>] Matches 802.11 frames based on type and optional subtype |
||
vlan [<vlan>] Matches 802.1Q frames, optionally with a VLAN ID of vlan |
vlan [<vlan>] Matches 802.1Q frames, optionally with a VLAN ID of vlan |
||
mpls [<label>] Matches MPLS packets, optionally with a label of label |
mpls [<label>] Matches MPLS packets, optionally with a label of label |
||
<expr> <relop> <expr> Matches packets by an arbitrary expression |
<expr> <relop> <expr> Matches packets by an arbitrary expression |
||
====Command Line Options==== |
====Command Line Options==== |