tcpdump mailing list archives
Trouble with dynamic filter construction
From: TCPDump <tcpdump () intrusense com>
Date: 15 May 2003 10:05:13 -0400
Hello, I'm having some trouble defining a filter that will reliably match the ICMP sequence or ICMP identification number I use. I use the following it works: icmp[0] = 0 && icmp[4] = 255 That's great, but if I do the following it fails: icmp[0] = 0 && icmp[4] = 256 or icmp[0] = 0 && icmp[4:2] = 256 I understand why the first one fails, but shouldn't "icmp[4:2] = X" cover ICMP IDs from 0 - 65535? I need a filter or set of filters that will cover all possible ICMP sequence and identification numbers. Any assistance would be greatly appreciated. Thanks, Darren - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- Trouble with dynamic filter construction TCPDump (May 15)