Score:0

Capture filter with tcpdump/tshark


I'd like to filter IP messages which are constructed as follows (see picture below):

  1. GRE on top of IP
  2. GRE contains IP with UDP on port 1234 (in the picture below port 80).

How can I filter such messages?

[image: example packet capture]

PS: the operating system is Windows-based.

Score:0

I'm not sure what you mean by "on top" of GRE, so I'll include both.

  1. If you are trying to capture packets going to and from a GRE tunnel and you know the interface for the GRE tunnel, you can do tcpdump -i GRE_INTERFACE host IP to show all traffic going to and from "IP"; if you just want traffic going to it, change host to dst. To get just UDP traffic on port 1234: tcpdump -i GRE_INTERFACE host IP and udp and port 1234

  2. If you are trying to capture the GRE packets themselves, you can do tcpdump -i any proto gre. If you have too much GRE traffic and want to see it by the specific tunnel, do tcpdump -i any proto gre and host IP_OF_GRE_TUNNEL_REMOTE

I hope this helps

I've clarified my question by adding an example packet capture
mangohost
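A caveat that the answer above does not cover: a BPF capture filter (a tcpdump expression, or tshark -f) only parses the outer IPv4 header, so udp port 1234 will never match a UDP header that is encapsulated in GRE; the udp qualifier looks at the outer protocol field, which is 47 (GRE). Wireshark and tshark display filters do dissect GRE, so tshark -Y "gre && udp.port == 1234" works once the packets are captured, but to filter at capture time you have to address the inner headers by byte offset relative to the outer IPv4 header. On Windows there is no "any" interface; pick the Npcap adapter that sees the GRE traffic, and the capture-filter syntax is the same. The script below is an added example, not code from the original question or answer: it constructs a GRE-in-IPv4 packet carrying UDP (the bytes are constructed, not captured), parses it properly (variable IHL, optional GRE checksum/key/sequence fields), emits the fixed-offset BPF expression, and evaluates the same byte tests in Python so you can see exactly what the filter assumes (no IP options in either header, no GRE optional fields). Using the number 47 instead of a protocol name avoids depending on the host's protocol name database.

```python
"""Added example: GRE-in-IPv4 parsing and the matching fixed-offset BPF filter."""
import struct

GRE_PROTO = 47          # outer IPv4 protocol number for GRE
UDP_PROTO = 17
ETHERTYPE_IPV4 = 0x0800 # GRE "protocol type" for an encapsulated IPv4 packet


def ipv4_header(src, dst, proto, payload_len, ihl=5):
    """Minimal IPv4 header; checksum is left zero (not validated here)."""
    total = ihl * 4 + payload_len
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0, 64, proto, 0, src, dst)
    return hdr + b"\x00" * (ihl * 4 - 20)   # pad to IHL with zeroed option bytes


def build_gre_udp_packet(inner_sport, inner_dport, gre_key=None, outer_ihl=5):
    """Constructed sample: outer IPv4 -> GRE -> inner IPv4 -> UDP (addresses are made up)."""
    udp_payload = b"hello"
    udp = struct.pack("!HHHH", inner_sport, inner_dport, 8 + len(udp_payload), 0) + udp_payload
    inner_ip = ipv4_header(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", UDP_PROTO, len(udp))
    flags = 0x20 if gre_key is not None else 0          # K bit = key field present
    gre = struct.pack("!BBH", flags, 0, ETHERTYPE_IPV4)
    if gre_key is not None:
        gre += struct.pack("!I", gre_key)
    outer_ip = ipv4_header(b"\xc0\xa8\x01\x01", b"\xc0\xa8\x01\x02", GRE_PROTO,
                           len(gre) + len(inner_ip) + len(udp), ihl=outer_ihl)
    return outer_ip + gre + inner_ip + udp


def inner_udp_ports(ip_pkt):
    """Full walk: outer IPv4 -> GRE -> inner IPv4 -> UDP, honouring variable IHL and
    GRE optional fields (RFC 2784/2890). Returns (sport, dport) or None."""
    if ip_pkt[9] != GRE_PROTO:
        return None
    gre = (ip_pkt[0] & 0x0F) * 4                         # outer IHL in bytes
    flags = ip_pkt[gre]
    if struct.unpack_from("!H", ip_pkt, gre + 2)[0] != ETHERTYPE_IPV4:
        return None
    gre_len = 4
    if flags & 0xC0:        # C or R bit: checksum + offset field present
        gre_len += 4
    if flags & 0x20:        # K bit: key
        gre_len += 4
    if flags & 0x10:        # S bit: sequence number
        gre_len += 4
    inner = gre + gre_len
    if ip_pkt[inner + 9] != UDP_PROTO:
        return None
    udp = inner + (ip_pkt[inner] & 0x0F) * 4
    return struct.unpack_from("!HH", ip_pkt, udp)


def bpf_filter(port):
    """BPF capture filter for UDP `port` inside plain GRE. ip[N] offsets are relative to
    the OUTER IPv4 header, so every check below pins down the layout that makes 44/46
    the inner UDP port offsets: outer IHL 5, 4-byte GRE header, inner IHL 5."""
    return (
        "ip proto 47"                 # outer IPv4 carries GRE
        " and ip[0] & 0xf = 5"        # outer IPv4 has no options (header is 20 bytes)
        " and ip[20] & 0xf0 = 0"      # GRE flags: no checksum/routing/key/sequence
        " and ip[22:2] = 0x0800"      # GRE protocol type: IPv4 inside
        " and ip[24] = 0x45"          # inner IPv4, no options (20-byte header)
        " and ip[33] = 17"            # inner IPv4 protocol: UDP
        f" and (ip[44:2] = {port} or ip[46:2] = {port})"   # inner UDP src/dst port
    )


def fixed_offset_match(ip_pkt, port):
    """The same tests bpf_filter() encodes, evaluated on raw bytes in Python."""
    u16 = lambda o: struct.unpack_from("!H", ip_pkt, o)[0]
    return (len(ip_pkt) >= 48
            and ip_pkt[0] & 0x0F == 5
            and ip_pkt[9] == GRE_PROTO
            and ip_pkt[20] & 0xF0 == 0
            and u16(22) == ETHERTYPE_IPV4
            and ip_pkt[24] == 0x45
            and ip_pkt[33] == UDP_PROTO
            and (u16(44) == port or u16(46) == port))


if __name__ == "__main__":
    plain = build_gre_udp_packet(40000, 1234)
    keyed = build_gre_udp_packet(40000, 1234, gre_key=0x1234)
    print("capture filter:", bpf_filter(1234))
    print("plain GRE  parsed ports:", inner_udp_ports(plain), "fixed-offset match:", fixed_offset_match(plain, 1234))
    print("keyed GRE  parsed ports:", inner_udp_ports(keyed), "fixed-offset match:", fixed_offset_match(keyed, 1234))
```

The keyed packet shows the failure mode: the parser still finds port 1234, but the fixed-offset filter rejects it, because a GRE key shifts the inner headers by four bytes. If your tunnel uses keys, sequence numbers or IP options, recompute the offsets (or capture with ip proto 47 and host TUNNEL_ENDPOINT as in the answer, and apply gre && udp.port == 1234 as a display filter afterwards). Note also that non-initial IP fragments carry no inner headers and will never match the offset filter.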

