"not upd" doesn't work in compound filter

[George Liang <liang_george () hotmail com>]

Hi there,

With below tcpdump command (in Ubuntu), I want to get multicast traffic, non udp, ..., but the filter "! udp" doesn't 
work. It gives output of UDP packets.

sudo tcpdump -r tw 'ether[0] & 0xFF == 1' && ! udp && host 192.168.1.1 && greater 300

The single filter of "! udp"  works though.

tcpdump version 4.0.0
libpcap version 1.0.0


Thanks & Regards,

George                                    -
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.