tcpdump mailing list archives
pcap range no worky on ppc? (e.g. udp[2:2] >= 137 && udp[2:2] <= 139)
From: Ben Low <bdl () unsw edu au>
Date: Thu, 17 Jun 2004 15:19:40 +1000
Hello all, I attempted to use the following expression to filter netbios stuff: udp[2:2] >= 137 && udp[2:2] <= 139However this expression only captures port 137 packets on my two Power PC machines:
- linux 2.4.18 ppc (debian) tcpdump version 3.8.3 / libpcap version 0.8.3 - OS X 10.3.4 PowerBook (fink) tcpdump version 3.8-cvs / libpcap version 0.8It works as expected on an x86 linux box (tcpdump version 3.6.3 / libpcap version 0.6). Is this a pcap 0.8, or PPC (endianness?) problem?
I also tried tcp and various other combinations (including logically inverting the expression) with similar results, ditto capturing via ethereal. Each time the expression only captures the first value in the given range.
Regards, Ben -- Ben Low Senior Network Engineer 02 9385 1154 0401 555 668 Enterprise IT Infrastructure Division of Information Services, UNSW Sydney NSW 2052, Australia "Open Source Software projects have been able to gain a foothold ... because of the wide utility of highly commoditized, simple protocols. By extending these protocols and developing new protocols, we can deny OSS projects entry into the market.", Microsoft internal memo, 1998 - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- pcap range no worky on ppc? (e.g. udp[2:2] >= 137 && udp[2:2] <= 139) Ben Low (Jun 17)
- Re: pcap range no worky on ppc? (e.g. udp[2:2] >= 137 && udp[2:2] <= 139) Guy Harris (Jun 17)
- Re: pcap range no worky on ppc? (e.g. udp[2:2] Ben Low (Jun 17)
- Re: pcap range no worky on ppc? (e.g. udp[2:2] >= 137 && udp[2:2] <= 139) Guy Harris (Jun 17)