tcpdump mailing list archives

Scanning IP6 packets


From: "Steve" <steve () iwwd com>
Date: Wed, 13 Nov 2013 14:57:32 +1100

Hello Dev Team,

Firstly, I apologise if this mail is going to the wrong place, but I
couldn't find anywhere else to send it to.

I've been using TCPDump for some time as a way of tracking and extracting
the domain names of HTTP requests for IPv4.  As IPv6 becomes more prolific,
I've been missing more and more data.

I note in some documentation that the use of the 'tcp' filter on IPv6 isn't
supported because of the possibility of additional headers in IPv6 packets,
but I was wondering if there is some kind of work-around in order to seek
out the required information.

This was the string that I was using for IPv4:

tcpdump -i eth0 -nn -s 0 -A port 80 and '(tcp[((tcp[12:1] & 0xf0) >> 2):4] =
0x47455420 or tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)'

I've tried several different versions of converting these filters to 'ip6'
references but no packets are returned.

How can I get a working filter to capture the data I need?

Thanks

Steve.

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
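
Added example (not part of the original message and not tcpdump code): the sketch below shows why the "additional headers" caveat mentioned in the message matters. It compares a check that reads the message's GET/POST bytes at a fixed offset past a 40-byte IPv6 header with one that follows the Next Header chain first. All function names and the sample packets are constructed for illustration, and packets are assumed to be raw IPv6 with no link-layer header.

```python
import struct

TCP, FRAGMENT = 6, 44
EXT_HEADERS = {0, 43, 60}        # hop-by-hop, routing, destination options
METHODS = (b"GET ", b"POST")     # 0x47455420 and 0x504f5354 from the message's filter

def fixed_offset_match(pkt):
    """Read the same bytes as the message's IPv4 test, shifted past a bare
    40-byte IPv6 header (assumes TCP follows immediately)."""
    if len(pkt) < 53 or pkt[6] != TCP:
        return False
    start = 40 + ((pkt[52] & 0xf0) >> 2)
    return pkt[start:start + 4] in METHODS

def walking_match(pkt):
    """Follow the Next Header chain to TCP, then apply the same test."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return False
    nxt, off = pkt[6], 40
    while nxt in EXT_HEADERS or nxt == FRAGMENT:
        if off + 8 > len(pkt):
            return False
        if nxt == FRAGMENT:
            if struct.unpack("!H", pkt[off + 2:off + 4])[0] >> 3:
                return False     # later fragment: carries no TCP header
            size = 8
        else:
            size = (pkt[off + 1] + 1) * 8
        nxt, off = pkt[off], off + size
    if nxt != TCP or off + 20 > len(pkt):
        return False
    start = off + ((pkt[off + 12] & 0xf0) >> 2)
    return pkt[start:start + 4] in METHODS

def build(payload, ext=b"", first_nh=TCP):
    """Constructed sample: raw IPv6 packet, zeroed addresses, 20-byte TCP header."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    body = ext + tcp + payload
    return struct.pack("!IHBB", 6 << 28, len(body), first_nh, 64) + bytes(32) + body

DSTOPTS = bytes([TCP, 0, 1, 4, 0, 0, 0, 0])   # next=TCP, len=0, PadN padding
PLAIN = build(b"GET / HTTP/1.1\r\n")
WITH_EXT = build(b"POST /x HTTP/1.1\r\n", ext=DSTOPTS, first_nh=60)

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("with dstopts", WITH_EXT)):
        print(name, fixed_offset_match(pkt), walking_match(pkt))
```

The fixed-offset check matches only the packet without extension headers; the walking check matches both.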

