Hi,
How can I set capture filter for the GRE?
I've tried proto GRE but I receive an error unkonwn ip proto 'GRE'.
Following previous question: If I need to filter some udp packet (on port 1234) which is inside the GRE, how can I do that?
Try ip proto 47.
Because the BPF capture filter does not support GRE as a filter, anything on top of that can only be filtered by checking the data at known positions.
So with the layers IP (20) / GRE (4) / IP (20) / UDP, the UDP source port is at position 20+4+20 = 44 bytes. Then the filter you can use is:
ip proto 47 and (ip[44:2] == 1234 or ip[46:2] == 1234)
Assuming no IP options used here. It is possible to make a filter that uses the IP-lengths, but is probably not necessary (options rarely used).
Asked: 2021-07-27 13:07:55 +0000
Seen: 15,822 times
Last updated: Jul 31 '21
As this is a Q&A forum, you should really post that as a separate question. Now we have one question and two answers which will possibly confuse others with the same issue.