PG1X WIKI

My Knowledge Base


tcpdump

BPF (Berkeley Packet Filter) Syntax

man 7 pcap-filter

Filter Expression

Essential Filtering

  • Exclude LOOP (Ethernet Configuration Test Protocol / Loopback, ethertype 0x9000)
not ether proto 0x9000
  Equivalent: not ether proto loopback. Note that a bare 9000 is parsed as decimal (ethertype 0x2328) and would not match LOOP frames; write the hex prefix or use the keyword.
  • Exclude ARP, CDP, LOOP, 0x6002 (DEC DNA Remote Console; tcpdump also accepts the keyword moprc for this ethertype)
not (arp or ether[20:2] == 0x2000 or ether proto (loopback or 0x6002))
  CDP has no ethertype of its own: it rides in an 802.3 frame with an LLC/SNAP header (OUI 00:00:0c), and 0x2000 is the SNAP protocol ID, which lands at bytes 20-21 of an untagged frame. In a plain IPv4 frame those same two bytes are the IP flags/fragment-offset word, so ether[20:2] == 0x2000 also drops the first fragment (MF set, offset 0) of every fragmented IPv4 datagram. Adding the CDP multicast destination avoids that: not (arp or (ether dst 01:00:0c:cc:cc:cc and ether[20:2] == 0x2000) or ether proto (loopback or 0x6002)). All ether[] offsets here assume untagged frames; an 802.1Q tag shifts them by 4 bytes (see the vlan primitive in pcap-filter).
  • Exclude ARP, CDP, LOOP, 0x6002 (DEC DNA Remote Console), OSPF
not (arp or ether[20:2] == 0x2000 or ether proto (loopback or 0x6002) or ip proto ospf)
  The name ospf is resolved through /etc/protocols (protocol number 89), so ip proto 89 is equivalent.
  • Exclude ARP, CDP, LOOP, 0x6002 (DEC DNA Remote Console), LLDP (ethertype 0x88cc), OSPF. The LLDP clause is NOT TESTED.
not (arp or ether[20:2] == 0x2000 or ether proto (loopback or 0x6002 or 0x88cc) or ip proto ospf)
  • Exclude ARP, CDP, LOOP, 0x6002 (DEC DNA Remote Console), OSPF, DHCP (UDP 67/68), ICMPv6 ND (Neighbor Discovery: RS 133, RA 134, NS 135, NA 136)
not (arp or ether[20:2] == 0x2000 or ether proto (loopback or 0x6002) or ip proto ospf or udp port (67 or 68) or (icmp6 and (ip6[40] == 133 or ip6[40] == 134 or ip6[40] == 135 or ip6[40] == 136)))
  ip6[40] is the ICMPv6 type only when no extension headers sit between the fixed 40-byte IPv6 header and the ICMPv6 message. ICMPv6 Redirect (type 137) also belongs to ND but is deliberately left visible here.
  • Exclude ARP, CDP, LOOP, 0x6002 (DEC DNA Remote Console), LLDP (ethertype 0x88cc), OSPF, DHCP, ICMPv6 ND. The LLDP clause is NOT TESTED.
not (arp or ether[20:2] == 0x2000 or ether proto (loopback or 0x6002 or 0x88cc) or ip proto ospf or udp port (67 or 68) or (icmp6 and (ip6[40] == 133 or ip6[40] == 134 or ip6[40] == 135 or ip6[40] == 136)))
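As an added illustration (not from the original page, and not tcpdump/libpcap code), the following Python re-implements the byte-offset tests behind the ARP/CDP/LOOP/OSPF/DHCP/ICMPv6-ND filter above against constructed sample frames, so each offset can be checked by hand. It also shows that ether[20:2] == 0x2000 fires on the first fragment of a fragmented IPv4 datagram (flags/fragment-offset word 0x2000 = MF set, offset 0), and how requiring the CDP destination MAC 01:00:0c:cc:cc:cc tightens the match. All frames, addresses and function names are made up for the example.

```python
"""Hand-evaluated versions of the pcap-filter offset tests used in the filters
above. Added example, not tcpdump/libpcap code: each branch of exclude_reason()
mirrors one primitive of the last filter (arp, ether[20:2] == 0x2000, ether
proto, ip proto ospf, udp port 67/68, icmp6 with ip6[40] in 133..136) against a
raw Ethernet frame. All frames, MAC/IP addresses and names are constructed."""
import struct

UDP, ICMP6, OSPF, TCP = 17, 58, 89, 6
CDP_MAC = bytes.fromhex("01000ccccccc")  # CDP/VTP/DTP multicast destination


def eth(dst_mac: str, src_mac: str, type_or_len: int, payload: bytes) -> bytes:
    """Ethernet frame: dst(6) src(6) type-or-length(2) payload. Untagged only."""
    return bytes.fromhex(dst_mac) + bytes.fromhex(src_mac) + struct.pack("!H", type_or_len) + payload


def ipv4(proto: int, payload: bytes, flags_frag: int = 0) -> bytes:
    """Minimal IPv4 header (IHL=5, checksum left 0: filters never check it)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, flags_frag,
                      64, proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload


def ipv6(next_header: int, payload: bytes) -> bytes:
    """Fixed 40-byte IPv6 header with no extension headers."""
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "01")
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload), next_header, 255, src, dst) + payload


def ether(frame: bytes, off: int, size: int) -> int:
    """pcap-filter ether[off:size] read as a big-endian integer (0 if the frame is too short)."""
    return int.from_bytes(frame[off:off + size], "big") if len(frame) >= off + size else 0


# Constructed sample frames: one per clause of the filter, plus two controls.
CDP_PAYLOAD = bytes.fromhex("aaaa03") + bytes.fromhex("00000c") + b"\x20\x00" + b"\x02\xb4\x00\x00"
FRAMES = {
    # 802.3 length field, LLC aa aa 03, SNAP OUI 00:00:0c + PID 0x2000, CDP v2 header
    "cdp": eth("01000ccccccc", "001122334455", len(CDP_PAYLOAD), CDP_PAYLOAD),
    "loop": eth("ffffffffffff", "001122334455", 0x9000, b"\x00\x00\x01\x00" + b"\x00" * 40),
    "arp": eth("ffffffffffff", "001122334455", 0x0806, b"\x00\x01\x08\x00\x06\x04\x00\x01" + b"\x00" * 20),
    "ospf": eth("01005e000005", "001122334455", 0x0800, ipv4(OSPF, b"\x02\x01" + b"\x00" * 22)),
    "dhcp": eth("ffffffffffff", "001122334455", 0x0800,
                ipv4(UDP, struct.pack("!HHHH", 68, 67, 248, 0) + b"\x01" + b"\x00" * 239)),
    "icmp6_ns": eth("3333ff000001", "001122334455", 0x86DD,
                    ipv6(ICMP6, bytes([135, 0, 0, 0]) + b"\x00" * 20)),
    # First fragment of a 3000-byte UDP datagram: flags/offset word 0x2000 = MF set, offset 0
    "udp_frag0": eth("001122334466", "001122334455", 0x0800,
                     ipv4(UDP, struct.pack("!HHHH", 40000, 5060, 3000, 0) + b"\x00" * 1472, flags_frag=0x2000)),
    "tcp_syn": eth("001122334466", "001122334455", 0x0800,
                   ipv4(TCP, struct.pack("!HHIIBBHHH", 50000, 443, 1, 0, 0x50, 0x02, 65535, 0, 0))),
}


def exclude_reason(frame: bytes):
    """Clause of the page's filter that drops this frame, or None if tcpdump would show it.
    Filter: not (arp or ether[20:2] == 0x2000 or ether proto (loopback or 0x6002)
                 or ip proto ospf or udp port (67 or 68)
                 or (icmp6 and (ip6[40] == 133 or ... or ip6[40] == 136)))"""
    etype = ether(frame, 12, 2)
    if etype == 0x0806:
        return "arp"
    if ether(frame, 20, 2) == 0x2000:          # SNAP PID of CDP, or the IPv4 flags/frag word
        return "ether[20:2] == 0x2000"
    if etype in (0x9000, 0x6002):              # loopback (CTP), DEC MOP remote console
        return "ether proto (loopback or 0x6002)"
    if etype == 0x0800:
        proto = ether(frame, 14 + 9, 1)
        if proto == OSPF:
            return "ip proto ospf"
        # libpcap only tests ports when the fragment offset is 0
        if proto == UDP and (ether(frame, 20, 2) & 0x1FFF) == 0:
            ihl = (ether(frame, 14, 1) & 0x0F) * 4
            ports = (ether(frame, 14 + ihl, 2), ether(frame, 14 + ihl + 2, 2))
            if 67 in ports or 68 in ports:
                return "udp port (67 or 68)"
    if etype == 0x86DD:
        nh = ether(frame, 14 + 6, 1)           # next header; only valid without extension headers
        if nh == UDP:
            ports = (ether(frame, 54, 2), ether(frame, 56, 2))
            if 67 in ports or 68 in ports:
                return "udp port (67 or 68)"
        if nh == ICMP6 and ether(frame, 14 + 40, 1) in (133, 134, 135, 136):
            return "icmp6 ND (ip6[40] == 133..136)"
    return None


def is_cdp_strict(frame: bytes) -> bool:
    """Tighter CDP match, in pcap-filter syntax:
    ether dst 01:00:0c:cc:cc:cc and ether[12:2] <= 1500 and ether[14:2] == 0xaaaa and ether[20:2] == 0x2000"""
    return (frame[:6] == CDP_MAC and ether(frame, 12, 2) <= 1500
            and ether(frame, 14, 2) == 0xAAAA and ether(frame, 20, 2) == 0x2000)


def kept_frames():
    """Names of the sample frames the exclusion filter would let through."""
    return [name for name, frame in FRAMES.items() if exclude_reason(frame) is None]


if __name__ == "__main__":
    for name, frame in FRAMES.items():
        print(f"{name:10s} -> {exclude_reason(frame) or 'kept'}")
```

Running it shows every noise frame dropped by the clause you would expect, the TCP SYN kept, and the UDP first fragment dropped by the ether[20:2] clause even though it is not CDP; is_cdp_strict() rejects that fragment while still matching the real CDP frame.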

Filter Expression Applicable Software

tcpdump

See above.

Wireshark

The same syntax is used for Wireshark "Capture Filters" (not display filters, which use a different language).

CML2

Entered in the "BPF" field when starting a packet capture.

tech/network/tcpdump/tcpdump.txt · Last modified: 2021/10/02 11:12 by wnoguchi