Guy Harris wrote:
Nicolao Renč wrote:
Hi, I've a problem with tcpdump when I try to specify a port range
if I use a filter expr like: tcpdump -i eth0 '(tcp and (tcp[0:2] >=1) and (tcp[0:2] <= 20000))'
which means, capture all tcp packets with source port between 1 and 20000, I get no result from tcpdump.
There are bugs in the optimizer for the filter expression compiler that could, I think, cause this problem.
A workaround is to use the "-O" flag to tcpdump, to turn off the optimizer; the expression is simple enough that any increase in CPU time spent filtering packets probably won't make a big difference. If the "-O" flag doesn't fix the problem, let us know.
The bug should be fixed in the current CVS version, so the next libpcap release shouldn't have this problem.
Thank you, it works with the -O option. I'll also try the cvs version of libpcap and let you know. - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
