1

Trying to look at multicast traffic so I created a filter to monitor the range, then began to slowly add statements to exclude things not relevant but didn't get expected results. Do you do the opposite when writing, so put narrow excluding statements first then tack on large overarching statements at the end?

Failed attempt:

```
tcpdump -i any -s0 net 224.0.0.0/4 && not net 239.254.127.63/32 && not net 233.89.188.1/32 && not arp
```

Gr4cchus
  • This seemed to work better. `tcpdump -i any -s0 '(not net 239.254.127.63/32 && not net 233.89.188.1/32 && not arp) && (net 224.0.0.0/4)'` – Gr4cchus Jan 02 '22 at 07:39

1 Answer

1

There is no difference in the order of primitives in your filtering expression. You need to make sure that you escape your expression, as `&&` is interpreted as a shell operator and everything after it will be ignored by tcpdump. Alternatively, use `and` instead of `&&`.

AlexD
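The effect described in the answer, as an added example that is not part of the original posts: it shows which filter text the capture program actually receives for the unquoted, single-quoted, and `and` forms of the question's expression. `tcpdump_stub` and the `not` function are hypothetical stand-ins, so nothing is captured and no privileges are needed.

```shell
#!/bin/sh
# Stand-in for tcpdump (hypothetical stub for illustration): drops the three
# option words used on the page (-i any -s0) and prints the remaining
# arguments joined by spaces, which is how tcpdump assembles its filter.
tcpdump_stub() {
    shift 3
    printf '%s' "$*"
}

# After an unquoted &&, the shell runs `not` as a separate command. This stub
# makes that visible on stderr; on most systems it would be "command not found".
not() {
    echo "shell ran a separate command: not $*" >&2
}

# The failed command from the question, unquoted: the shell splits it at &&.
seen_unquoted() {
    tcpdump_stub -i any -s0 net 224.0.0.0/4 && not net 239.254.127.63/32 && not net 233.89.188.1/32 && not arp
}

# Same expression, single-quoted so && and the parentheses reach the program.
seen_quoted() {
    tcpdump_stub -i any -s0 '(net 224.0.0.0/4) && not net 239.254.127.63/32 && not net 233.89.188.1/32 && not arp'
}

# Same expression with the keyword `and`, which the shell does not interpret.
seen_and() {
    tcpdump_stub -i any -s0 net 224.0.0.0/4 and not net 239.254.127.63/32 and not net 233.89.188.1/32 and not arp
}

# Print the filter each form delivers; stderr from the `not` stub is hidden here.
for f in seen_unquoted seen_quoted seen_and; do
    printf '%-14s filter = [%s]\n' "$f" "$("$f" 2>/dev/null)"
done
```

In the unquoted form the exclusions never reach the filter, so the capture still includes the two excluded multicast addresses.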