tcpdump mailing list archives
Re: Sniffing ranges of ips
From: Robert Lowe <Robert.H.Lowe () lawrence edu>
Date: Fri, 19 Nov 2004 16:00:30 -0600
MMatos wrote:
tcpdump [options] '( ip[12:4] >= 0xc0a8020f ) and ( ip[12:4] <= 0xc0a80228 )'First of all thanks for the precious help you give me !I' ve been analysing the scripts and they expand the ranges to all ips and then work around with the netmasks ..Indead i like the 2nd way you're sugesting but i've a little doubt: Lets pick ip[12:4]The ip is self explanatory; the 4 represents the 4th word of the ip datagram wich corresponds to the source adress (right?) but i'm unable to find out the purpose of the number 12 .Can you enlight me about that?
The 12 is the starting index (13th byte), and the 4 is the range, i.e. IPV4 addresses are four bytes. BTW, this is in the tcpdump manpage. -Robert - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- Re: Sniffing ranges of ips, (continued)
- Re: Sniffing ranges of ips Jefferson Ogata (Nov 19)
- Re: Sniffing ranges of ips Alexander Dupuy (Nov 19)
- Re: Sniffing ranges of ips Guy Harris (Nov 19)
- Re: Sniffing ranges of ips Alexander Dupuy (Nov 19)
- Re: Sniffing ranges of ips MMatos (Nov 19)
- Re: Sniffing ranges of ips MMatos (Nov 20)
- Re: Sniffing ranges of ips Jefferson Ogata (Nov 20)
- Re: Sniffing ranges of ips Miguel Matos (Nov 20)
- Re: Sniffing ranges of ips Jefferson Ogata (Nov 19)
- Re: Sniffing ranges of ips MMatos (Nov 19)
- Re: Sniffing ranges of ips Jefferson Ogata (Nov 19)
- Re: Sniffing ranges of ips Robert Lowe (Nov 19)