Why doesn't tcpdump's filter take effect?

Hi Community,

Greetings from me!

My tcpdump version is:

$ tcpdump --version
tcpdump version tcpdump version 4.9.3 -- Apple version 90.100.1
libpcap version 1.9.1
LibreSSL 2.8.3

I tried to use tcpdump to filter some packets:

$ tcpdump -nr tests/traces/gtp/gtp-tcp-no-data-rst-after-fin.anon.pcap port 2152
reading from file tests/traces/gtp/gtp-tcp-no-data-rst-after-fin.anon.pcap, link-type EN10MB (Ethernet)
$

Nothing is found, but actually there are packets whose port is 2152:

$ tcpdump -nr tests/traces/gtp/gtp-tcp-no-data-rst-after-fin.anon.pcap
reading from file tests/traces/gtp/gtp-tcp-no-data-rst-after-fin.anon.pcap, link-type EN10MB (Ethernet)
15:57:40.095481 IP 10.0.0.1.2123 > 10.0.0.3.2123: UDP, length 186
15:57:40.288664 IP 10.0.0.3.2123 > 10.0.0.1.2123: UDP, length 130
16:00:07.540641 IP 10.0.0.2.2152 > 10.0.0.4.2152: UDP, length 72
16:00:08.041768 IP 10.0.0.2.2152 > 10.0.0.4.2152: UDP, length 72
......

Did I miss something? Thanks very much in advance!