1 | initial version |
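Example of a capture filter that matches several addresses through one host name. It might be messy to maintain, but I did not find a way to wildcard with BPF. In the compiled filter below, each `jeq` constant is one of the /etc/hosts addresses in hex (0xac100125 is 172.16.1.37). The name is resolved when the filter is compiled, so later changes to /etc/hosts do not affect a capture that is already running.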
host host
True if either the IPv4/v6 source or destination of the packet is host.
<snip>
If host is a name with multiple IP addresses, each address will be checked for a match.
root@kali:~# tail /etc/hosts
# Tue Oct 29 15:58:08 UTC 2019 - test for dumpcap -f "host monhost" -d
172.16.1.37 monhost
172.16.2.37 monhost
172.16.3.37 monhost
172.16.4.37 monhost
172.16.11.37 monhost
172.16.12.37 monhost
172.16.13.37 monhost
172.16.14.37 monhost
root@kali:~#
root@kali:~# dumpcap -f "host monhost" -d
Capturing on 'eth0'
(000) ldh [12]
(001) jeq #0x800 jt 2 jf 13
(002) ld [26]
(003) jeq #0xac100125 jt 33 jf 4
(004) jeq #0xac100225 jt 33 jf 5
(005) jeq #0xac100325 jt 33 jf 6
(006) jeq #0xac100425 jt 33 jf 7
(007) jeq #0xac100b25 jt 33 jf 8
(008) jeq #0xac100c25 jt 33 jf 9
(009) jeq #0xac100d25 jt 33 jf 10
(010) jeq #0xac100e25 jt 33 jf 11
(011) ld [30]
(012) jeq #0xac100125 jt 33 jf 26
(013) jeq #0x806 jt 15 jf 14
(014) jeq #0x8035 jt 15 jf 34
(015) ld [28]
(016) jeq #0xac100125 jt 33 jf 17
(017) jeq #0xac100225 jt 33 jf 18
(018) jeq #0xac100325 jt 33 jf 19
(019) jeq #0xac100425 jt 33 jf 20
(020) jeq #0xac100b25 jt 33 jf 21
(021) jeq #0xac100c25 jt 33 jf 22
(022) jeq #0xac100d25 jt 33 jf 23
(023) jeq #0xac100e25 jt 33 jf 24
(024) ld [38]
(025) jeq #0xac100125 jt 33 jf 26
(026) jeq #0xac100225 jt 33 jf 27
(027) jeq #0xac100325 jt 33 jf 28
(028) jeq #0xac100425 jt 33 jf 29
(029) jeq #0xac100b25 jt 33 jf 30
(030) jeq #0xac100c25 jt 33 jf 31
(031) jeq #0xac100d25 jt 33 jf 32
(032) jeq #0xac100e25 jt 33 jf 34
(033) ret #262144
(034) ret #0
root@kali:~#
2 | No.2 Revision |
Example of a capture filter that matches several addresses through one host name. It might be messy to maintain, but I did not find a way to wildcard with BPF.
To exclude the "monhost" addresses instead, change the filter to "not host monhost".
host host
True if either the IPv4/v6 source or destination of the packet is host.
<snip>
If host is a name with multiple IP addresses, each address will be checked for a match.
root@kali:~# tail /etc/hosts
# Tue Oct 29 15:58:08 UTC 2019 - test for dumpcap -f "host monhost" -d
172.16.1.37 monhost
172.16.2.37 monhost
172.16.3.37 monhost
172.16.4.37 monhost
172.16.11.37 monhost
172.16.12.37 monhost
172.16.13.37 monhost
172.16.14.37 monhost
root@kali:~#
root@kali:~# dumpcap -f "host monhost" -d
Capturing on 'eth0'
(000) ldh [12]
(001) jeq #0x800 jt 2 jf 13
(002) ld [26]
(003) jeq #0xac100125 jt 33 jf 4
(004) jeq #0xac100225 jt 33 jf 5
(005) jeq #0xac100325 jt 33 jf 6
(006) jeq #0xac100425 jt 33 jf 7
(007) jeq #0xac100b25 jt 33 jf 8
(008) jeq #0xac100c25 jt 33 jf 9
(009) jeq #0xac100d25 jt 33 jf 10
(010) jeq #0xac100e25 jt 33 jf 11
(011) ld [30]
(012) jeq #0xac100125 jt 33 jf 26
(013) jeq #0x806 jt 15 jf 14
(014) jeq #0x8035 jt 15 jf 34
(015) ld [28]
(016) jeq #0xac100125 jt 33 jf 17
(017) jeq #0xac100225 jt 33 jf 18
(018) jeq #0xac100325 jt 33 jf 19
(019) jeq #0xac100425 jt 33 jf 20
(020) jeq #0xac100b25 jt 33 jf 21
(021) jeq #0xac100c25 jt 33 jf 22
(022) jeq #0xac100d25 jt 33 jf 23
(023) jeq #0xac100e25 jt 33 jf 24
(024) ld [38]
(025) jeq #0xac100125 jt 33 jf 26
(026) jeq #0xac100225 jt 33 jf 27
(027) jeq #0xac100325 jt 33 jf 28
(028) jeq #0xac100425 jt 33 jf 29
(029) jeq #0xac100b25 jt 33 jf 30
(030) jeq #0xac100c25 jt 33 jf 31
(031) jeq #0xac100d25 jt 33 jf 32
(032) jeq #0xac100e25 jt 33 jf 34
(033) ret #262144
(034) ret #0
root@kali:~#