Guy Harris wrote:
Nicolao Renč wrote:
Hi, I've a problem with tcpdump when I try to specify a port range
if I use a filter expr like: tcpdump -i eth0 '(tcp and (tcp[0:2]
>=1) and (tcp[0:2] <= 20000))'
which means, capture all tcp packets with source port between 1 and
20000, I get no result from tcpdump.
There are bugs in the optimizer for the filter expression compiler
that could, I think, cause this problem.
A workaround is to use the "-O" flag to tcpdump, to turn off the
optimizer; the expression is simple enough that any increase in CPU
time spent filtering packets probably won't make a big difference. If
the "-O" flag doesn't fix the problem, let us know.
The bug should be fixed in the current CVS version, so the next
libpcap release shouldn't have this problem.
Thank you, it works with the -O option.
I'll also try the cvs version of libpcap and let you know.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.