stackoom
  简体   繁体   中英

tcpdump of udp packets containing data

 原文  2013-08-13 13:04:07       linux/ udp/ tcpdump

Question

Running linux ubuntu.

Essentially, why is this command a syntax error: - 

tcpdump -i eth0 -n udp -X -v -s 1514 'tcp[40:4] = 0x31323334'

Which should show udp packets with '1234' at the 40th byte.

I mean, I get that udp isn't a tcp packet, but the logic should still work. Given it doesn't how can I write this?

2 answers

solution1
 2 ACCPTED  2013-08-13 15:00:07

try the following: 

tcpdump -i eth0 -X -v -s 1514 'udp[40:4] = 0x31323334'

Afaik, proto relop filters should match only the protocol you specify, -n udp should not be needed.

solution2
 1  2013-08-13 17:34:07

tcpdump is confused what to take as filtering parameter. When you've explicitly used udp, then it captures all the udp packets or if you want particular udp packet then you can specify the offset. So, based on what you need either specify udp with offset or simply udp if you want to capture all the udp packets. Something like below should meet your requirement: 

        tcpdump -i eth0 -n -X -v -s 1514 'udp[40:4] = 0x31323334'

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question UDP Broadcast packets is seen by tcpdump but not received by linux socket tcpdump to catch ICMP packets Modify data in outgoing UDP packets on linux POSIX UDP socket: how is the data splitted to UDP packets? tcpdump shows packets but application shows packets are bursty recv() skipping UDP packets Different order of packets in Wireshark vs tcpdump/libpcap? tcpdump returns 0 packets captured, received and dropped Unable to capture IP Broadcast packets using tcpdump Linux drops UDP packets
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM