har*_*ije 27 subnet filter tcpdump
我正在使用以下 tcpdump 命令:
tcpdump -w net75.out -s 0 host 65.207.95.222
我想将单个主机上的过滤器更改为以下子网中的所有地址:
65.192.0.0/10
我一直无法弄清楚如何指定 tcpdump 过滤器来执行此操作。
请指教。
Zor*_*che 45
试试这个。
tcpdump -w net75.out -s 0 net 65.192.0.0/10
dst net net
True if the IPv4/v6 destination address of the packet has a net-
work number of net. Net may be either a name from the networks
database (/etc/networks, etc.) or a network number. An IPv4
network number can be written as a dotted quad (e.g.,
192.168.1.0), dotted triple (e.g., 192.168.1), dotted pair (e.g,
172.16), or single number (e.g., 10); the netmask is
255.255.255.255 for a dotted quad (which means that it's really
a host match), 255.255.255.0 for a dotted triple, 255.255.0.0
for a dotted pair, or 255.0.0.0 for a single number. An IPv6
network number must be written out fully; the netmask is
ff:ff:ff:ff:ff:ff:ff:ff, so IPv6 "network" matches are really
always host matches, and a network match requires a netmask
length.
src net net
True if the IPv4/v6 source address of the packet has a network
number of net.
net net
True if either the IPv4/v6 source or destination address of the
packet has a network number of net.
net net mask netmask
True if the IPv4 address matches net with the specific netmask.
May be qualified with src or dst. Note that this syntax is not
valid for IPv6 net.
net net/len
True if the IPv4/v6 address matches net with a netmask len bits
wide. May be qualified with src or dst.