
is it possible to create expression in tcpdump that would filter incoming packets with wildcard, something like this please?

tcpdump -i bond0 -c 200 -Z root udp port 514 and src server-*.com

This doesn't work ... I was only able to filter using exact name or IP:

tcpdump -i bond0 -c 200 -Z root udp port 514 and src server-oOo.domain.com
tcpdump -i bond0 -c 200 -Z root udp port 514 and src 10.20.32.100

Thank you!

1 Answer

I do not think wildcards will work inline with tcpdump, but there are two possible solutions that I have used

  1. use grep to filter the output. use .* to match any character

    $ tcpdump -i bond0 -c 200 -Z root udp port 514 | grep 'server-.*\.com'

  2. use a network and cidr inline with tcpdump. this will match on any server on the 10.20.32.0/24 network. change the network address and cidr /24 as needed to match more or less of the network

    $ tcpdump -i bond0 -c 200 -Z root udp port 514 and src net 10.20.32.0/24

jbert
  • Thank you, I went with grep, realized that a little bit later after I created this post. I am wondering why so many downvotes for such a simple question and also on a good, valid answer ... Still a shame that although tcpdump has expressions, they are very simple, and you can't do string contains/subset operations. For multiline output (-v|-vv), grepping won't help, as I would lose the second line ... fortunately I did not need verbose output. – Miroslav Cibulka Aug 19 '22 at 07:58
  • No problem. I'm new here but I think the downvotes are due to the question not being a programming related question and should have been posted on a different stack exchange site. Though I would argue that this is a tool used to test scripts that make network connections. Either way, I'm happy I was able to have helped. – jbert Aug 19 '22 at 15:54
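An added example (not code from the question or the answer) in POSIX sh that covers both the answer's approach and the multi-line caveat raised in the comments. Because BPF filters match addresses rather than names, the first helper builds a `src host ... or ...` expression from addresses that were already resolved (a constructed list stands in for a DNS lookup); the second keeps whole multi-line `-v` packets whose source endpoint matches a pattern, which plain grep cannot do. The sample capture text is constructed, not a real capture.

```shell
#!/bin/sh
# build_src_filter ADDR...: BPF only matches addresses, so resolve the candidate
# names first (e.g. `getent hosts name...`) and OR the results into one expression.
build_src_filter() {
  expr=""
  for a in "$@"; do
    [ -n "$expr" ] && expr="$expr or "
    expr="${expr}src host $a"
  done
  printf 'udp port 514 and (%s)' "$expr"
}

# filter_by_src PATTERN: read `tcpdump -v` style output on stdin and print every
# packet (timestamp line plus its indented continuation) whose "src > dst"
# source endpoint matches the awk ERE in PATTERN. Avoid backslashes in PATTERN
# because `awk -v` interprets escape sequences; use [.] for a literal dot.
filter_by_src() {
  awk -v pat="$1" '
    # A new packet starts with an HH:MM:SS.usec timestamp: flush the previous one.
    /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]+ / { if (keep) printf "%s", rec; rec = ""; keep = 0 }
    { rec = rec $0 "\n" }
    # The source endpoint is the first token of the indented "src > dst" line.
    /^[ \t]+[^ ]+ > / { if ($1 ~ pat) keep = 1 }
    END { if (keep) printf "%s", rec }
  '
}

# Constructed sample in the two-line layout tcpdump -v uses for IP/UDP (not real traffic).
SAMPLE='12:00:01.000001 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto UDP (17), length 100)
    server-oOo.domain.com.45000 > collector.domain.com.syslog: SYSLOG local0.info, length: 72
12:00:01.000002 IP (tos 0x0, ttl 64, id 2, offset 0, flags [DF], proto UDP (17), length 90)
    client-1.other.net.45001 > collector.domain.com.syslog: SYSLOG local0.info, length: 62
12:00:01.000003 IP (tos 0x0, ttl 64, id 3, offset 0, flags [DF], proto UDP (17), length 110)
    server-abc.domain.com.45002 > collector.domain.com.syslog: SYSLOG local0.info, length: 82'

# Demo: the filter expression tcpdump would receive, then the two matching packets.
build_src_filter 10.20.32.100 10.20.32.101; echo
printf '%s\n' "$SAMPLE" | filter_by_src '^server-[^.]*[.]domain[.]com[.]'
```

With live traffic the same helper is used as `tcpdump -i bond0 -c 200 -Z root -v | filter_by_src '^server-[^.]*[.]domain[.]com[.]'`; add `-l` to tcpdump so the pipe is line-buffered.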