Hi, Philip Guenther.

On Tuesday, May 25, 2010, Philip Guenther wrote:

>> I'm trying to use tcpdump in OpenBSD 4.6 with a syntax similar to the
>> following:
>>
>> # tcpdump -vvv udp and port 5060 or portrange 10000-2000 -s0 \
>>   -i eht0 -w eavesdropping_ulaw.dump
>>
>> In this case, the interface is em0, but I see that with this tcpdump
>> version there is no parameter 'portrange'. I'm using a version
>> compiled with the source code obtained by anoncvs, because I wanted
>> to install with pkg_add but it was not available. I tried as follows,
>> but without success:
>>
>> # tcpdump -vv udp and port 5060 or "port >= 10000 and port <= 20000" -s0 \
>>> -i em0 -w eavesdropping_ulaw.dump
>> tcpdump: syntax error

> Repeat after me: options go BEFORE positional arguments.  That command
> line should be written as
>
> tcpdump -vv -s0 -i em0 -w eavesdropping_ulaw.dump udp and port 5060 or
> "port >= 10000 and port <= 20000"
>
>
> GNU libc uses a version of getopt() that reorders the command line to
> accept options after positional arguments, so you might have gotten
> used to the broken syntax on Linux systems, but it violates the POSIX
> standard and can create security and portability bugs.  Some programs
> have to explicitly use _another_ GNU extension to disable the behavior
> in order to work on such systems.  Thanks, GNU!

Interesting difference. Thanks for the explanation. I tried the syntax
you suggest (I had to remove the "-s0", as Iñigo mentioned, because
otherwise I get "invalid snaplen 0") but that did not work either:

bsd:~# tcpdump -vv -i em0 -w eavesdropping_ulaw.dump udp and port 5060 \
> or "port >= 10000 and port <= 20000"
tcpdump: syntax error


Thanks for your reply.

Regards,
Daniel
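
The option-ordering difference Philip describes, as an added example that is not part of the original messages: Python's getopt module stands in for the C getopt() call, with getopt.getopt stopping at the first non-option (POSIX) and getopt.gnu_getopt permuting arguments (glibc style). The reduced option string and the parse() helper are assumptions for illustration, not tcpdump's own code.

```python
import getopt
import shlex

# Reduced option string for the flags used in this thread only
# (-v is a flag; -s, -i and -w take a value). Not tcpdump's full set.
OPTSTRING = "vs:i:w:"

# Command lines taken from the thread (shell continuation removed).
OPTIONS_LAST = ('-vv udp and port 5060 or "port >= 10000 and port <= 20000" '
                '-s0 -i em0 -w eavesdropping_ulaw.dump')
OPTIONS_FIRST = ('-vv -s0 -i em0 -w eavesdropping_ulaw.dump '
                 'udp and port 5060 or "port >= 10000 and port <= 20000"')


def parse(cmdline, mode):
    """Split a command line into (options, filter expression).

    mode "posix": stop at the first non-option argument (POSIX getopt).
    mode "gnu":   permute argv so options are accepted anywhere.
    mode "gnu+":  GNU parser with the leading '+' that disables permutation.
    Assumes POSIXLY_CORRECT is unset, since it also disables permutation.
    """
    argv = shlex.split(cmdline)  # tokenise the way the shell would
    if mode == "posix":
        opts, operands = getopt.getopt(argv, OPTSTRING)
    elif mode == "gnu":
        opts, operands = getopt.gnu_getopt(argv, OPTSTRING)
    elif mode == "gnu+":
        opts, operands = getopt.gnu_getopt(argv, "+" + OPTSTRING)
    else:
        raise ValueError(f"unknown mode: {mode}")
    # The operands are what a tcpdump-like tool would treat as the filter.
    return dict(opts), " ".join(operands)


if __name__ == "__main__":
    cases = (("options last", OPTIONS_LAST), ("options first", OPTIONS_FIRST))
    for name, line in cases:
        for mode in ("posix", "gnu", "gnu+"):
            opts, expr = parse(line, mode)
            print(f"{name:13} {mode:5} opts={sorted(opts)}")
            print(f"{'':19} filter={expr!r}")
```

With the options last, the POSIX parser sees only -v and leaves "-s0 -i em0 -w eavesdropping_ulaw.dump" inside the filter text, while the permuting parser extracts them as options. With the options first, all three modes agree.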
