Score:0

TCPDUMP Order of Operations: exclude and include


Trying to look at multicast traffic, so I created a filter to monitor the range, then began to slowly add statements to exclude things not relevant, but didn't get expected results. Do you do the opposite when writing, so put narrow excluding statements first, then tack on large overarching statements at the end?

Failed attempt:

`tcpdump -i any -s0 net 224.0.0.0/4 && not net 239.254.127.63/32 && not net 233.89.188.1/32 && not arp`

Gr4cchus
This seemed to work better: `tcpdump -i any -s0 '(not net 239.254.127.63/32 && not net 233.89.188.1/32 && not arp) && (net 224.0.0.0/4)'`
Score:0

There is no difference in the order of primitives in your filtering expression. You need to make sure that you escape your expression, as `&&` is interpreted as a shell operator and everything after it will be ignored by tcpdump. Alternatively, use `and` instead of `&&`.
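
The behaviour described in the answer above, as an added example that is not part of the original post: a stub function named `tcpdump` stands in for the real binary and prints the filter words it receives, so no capture runs and no root is needed. `filter_seen_by` is a hypothetical helper, and the three command lines are constructed from the ones in the question.

```shell
#!/bin/sh
# Added example: show which filter words actually reach tcpdump's argv.
# A stub function named tcpdump replaces the real binary, so nothing is
# captured and no root privileges are needed.

# filter_seen_by CMDLINE  (hypothetical helper)
#   Evaluates CMDLINE the way an interactive shell would and prints the
#   filter expression the tcpdump stub received.
filter_seen_by() {
    (
        tcpdump() {
            # Skip the options used on this page: -i <iface> and -s0.
            while [ "$#" -gt 0 ]; do
                case "$1" in
                    -i) shift 2 ;;
                    -*) shift ;;
                    *)  break ;;
                esac
            done
            # tcpdump joins its remaining arguments with spaces.
            printf '%s\n' "$*"
        }
        # Anything after an unquoted && is run as a separate command;
        # its "not: command not found" error is discarded here.
        eval "$1" 2>/dev/null
    ) | head -n 1
}

# Constructed command lines based on the ones in the question.
UNQUOTED='tcpdump -i any -s0 net 224.0.0.0/4 && not net 239.254.127.63/32 && not arp'
QUOTED="tcpdump -i any -s0 'net 224.0.0.0/4 && not net 239.254.127.63/32 && not arp'"
WORDS='tcpdump -i any -s0 net 224.0.0.0/4 and not net 239.254.127.63/32 and not arp'

for cmdline in "$UNQUOTED" "$QUOTED" "$WORDS"; do
    printf 'typed:   %s\nfilter:  %s\n\n' "$cmdline" "$(filter_seen_by "$cmdline")"
done
```

In the unquoted case the stub receives only `net 224.0.0.0/4`, so none of the exclusions are part of the capture filter; the quoted and `and` forms deliver the whole expression.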
