tcpdump 过滤掉特定的 ip 和该 ip 的特定端口

Question 1

使用括号：

not ((dst host 192.168.1.100 and dst port 1111) or (dst host 192.168.1.101 and dst port 3333))

Answer

使用括号：

not ((dst host 192.168.1.100 and dst port 1111) or (dst host 192.168.1.101 and dst port 3333))

Question 2

括号是你的好朋友。来自man pcap-filter：

    Primitives may be combined using:

      A parenthesized group of primitives and operators.

      Negation (`!' or `not').

      Concatenation (`&&' or `and').

      Alternation (`||' or `or').

   Negation has highest precedence.  Alternation and concatenation have equal precedence and associate left to right.   Note  that  explicit
   and tokens, not juxtaposition, are now required for concatenation.

   If an identifier is given without a keyword, the most recent keyword is assumed.  For example,
        not host vs and ace
   is short for
        not host vs and host ace
   which should not be confused with
        not ( host vs or ace )

因此，类似下面的方法应该可以解决问题：

'!(dst host 192.168.1.100 and dst port 1111) && !(dst host 192.168.1.101 and dst port 3333)'

这是假设您只关心示例中的目的地。

Answer

括号是你的好朋友。来自man pcap-filter：

    Primitives may be combined using:

      A parenthesized group of primitives and operators.

      Negation (`!' or `not').

      Concatenation (`&&' or `and').

      Alternation (`||' or `or').

   Negation has highest precedence.  Alternation and concatenation have equal precedence and associate left to right.   Note  that  explicit
   and tokens, not juxtaposition, are now required for concatenation.

   If an identifier is given without a keyword, the most recent keyword is assumed.  For example,
        not host vs and ace
   is short for
        not host vs and host ace
   which should not be confused with
        not ( host vs or ace )

因此，类似下面的方法应该可以解决问题：

'!(dst host 192.168.1.100 and dst port 1111) && !(dst host 192.168.1.101 and dst port 3333)'

这是假设您只关心示例中的目的地。

tcpdump 过滤掉特定的 ip 和该 ip 的特定端口

答案1

答案2

相关内容