Getting ready

The basic layer 4 filters are:

  • port <port>: When the packet is a layer 4 protocol, such as TCP or UDP, this filter will capture packets to/from the port indicated in the identifier field
  • dst port <port>: When the packet is a layer 4 protocol, such as TCP or UDP, this filter will capture packets to the destination port indicated in the identifier field
  • src port <port>: When the packet is a layer 4 protocol, such as TCP or UDP, this filter will capture packets from the source port indicated in the identifier field

The port range matching filters are:

  • tcp portrange <p1>-<p2> or udp portrange <p1>-<p2>: TCP or UDP packets in the port range of p1 to p2
  • tcp src portrange <p1>-<p2> or udp src portrange <p1>-<p2>: TCP or UDP packets in the source port range of p1 to p2
  • tcp dst portrange <p1>-<p2> or udp dst portrange <p1>-<p2>: TCP or UDP packets in the destination port range of p1 to p2

In addition to these filters, the following TCP flags can be used:

  • tcp-urg: Used for the TCP urgent (URG) flag
  • tcp-rst: Used for the TCP reset (RST) flag
  • tcp-ack: Used for the TCP acknowledgment (ACK) flag
  • tcp-syn: Used for the TCP synchronize (SYN) flag
  • tcp-psh: Used for the TCP push (PSH) flag
  • tcp-fin: Used for the TCP finish (FIN) flag
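
How these primitives select packets, as an added example that is not from the book: the Python below re-implements the matching logic of `port`, `tcp dst portrange` and flag tests of the form `tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn` (pcap-filter syntax, not shown on the visible page) over constructed TCP headers. All function names and sample packets are assumptions made for illustration.

```python
import struct

# Bit values the pcap-filter flag names stand for (byte 13 of the TCP header).
TCP_FLAGS = {"tcp-fin": 0x01, "tcp-syn": 0x02, "tcp-rst": 0x04,
             "tcp-psh": 0x08, "tcp-ack": 0x10, "tcp-urg": 0x20}

def tcp_header(src_port, dst_port, *flags):
    """Build a constructed 20-byte TCP header with the named flags set."""
    bits = 0
    for name in flags:
        bits |= TCP_FLAGS[name]
    # src, dst, seq, ack, data offset (5 words), flags, window, checksum, urgent
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, bits, 8192, 0, 0)

def parse(header):
    src, dst = struct.unpack("!HH", header[:4])
    return src, dst, header[13]          # header[13] is what tcp[tcpflags] reads

def port(header, p):                     # port <p>: source OR destination
    src, dst, _ = parse(header)
    return p in (src, dst)

def dst_portrange(header, p1, p2):       # tcp dst portrange <p1>-<p2> (inclusive)
    return p1 <= parse(header)[1] <= p2

def has_flag(header, name):              # tcp[tcpflags] & <name> != 0
    return parse(header)[2] & TCP_FLAGS[name] != 0

def is_initial_syn(header):
    # tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn : SYN set and ACK clear
    mask = TCP_FLAGS["tcp-syn"] | TCP_FLAGS["tcp-ack"]
    return parse(header)[2] & mask == TCP_FLAGS["tcp-syn"]

# Constructed sample traffic: a handshake to port 8080, then a server reset.
SAMPLES = {
    "syn":    tcp_header(51000, 8080, "tcp-syn"),
    "synack": tcp_header(8080, 51000, "tcp-syn", "tcp-ack"),
    "ack":    tcp_header(51000, 8080, "tcp-ack"),
    "rst":    tcp_header(8080, 51000, "tcp-rst"),
}

def matching(predicate):
    """Names of the sample packets the filter would capture."""
    return [name for name, hdr in SAMPLES.items() if predicate(hdr)]

if __name__ == "__main__":
    print("port 8080:", matching(lambda h: port(h, 8080)))
    print("tcp dst portrange 8000-8100:", matching(lambda h: dst_portrange(h, 8000, 8100)))
    print("tcp-syn set:", matching(lambda h: has_flag(h, "tcp-syn")))
    print("initial SYN only:", matching(is_initial_syn))
```

A plain `tcp-syn` test also matches the SYN/ACK reply, so isolating new connection attempts requires masking SYN and ACK together as `is_initial_syn` does.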