tcpdump ip range

21,104

If you want a filter to capture on packets matching 130.190.0.0/17:

tcpdump net 130.190.0.0/17

Author by

klaypez

Updated on September 18, 2022

Comments

  • klaypez
    klaypez over 1 year

    I'm using nfsen and I need to apply a filter to get specific ip range and I can't find the syntax. I searched in the doc of nfdump and tcpdump but nothing.

    For now the netflows captured come from multiple addresses, and the IP range I want to get (and only those addresses) is from 130.190.0.0 to 130.190.127.255 with a mask /17

    Or, another way to explain this: I only want addresses that start with 130.190. I don't care about others like 216.58, 51.254, etc.; there are a lot more

    • ilkkachu
      ilkkachu almost 7 years
      Did you mean 130.190.0.0 to 130.190.127.255? That would be the /17 block.
    • klaypez
      klaypez almost 7 years
      @ilkkachu yes that's right, the /17 is the mask of my network
    • cutrightjm
      cutrightjm almost 7 years
      What is the range you are wanting to capture? By the way your question is worded it looks to me like all of 130.190.0.0/17 (why is your range so big, by the way?)
    • klaypez
      klaypez almost 7 years
      I want to capture all the flows which concern IP addresses starting with 130.190.X.X; this is what I want. The problem is when I enter net 130.190.0.0/17 as filter, it still captures addresses like 216.58.198.46, but I don't want them
    • klaypez
      klaypez almost 7 years
      @FerencWágner This doesn't solve my problem. If you want another way to explain what I want: I want to capture all the flows that concern IP addresses starting with 130.190.
    • Billy left SE for Codidact
      Billy left SE for Codidact over 3 years
      net is great for IP ranges that align with CIDR subnet boundaries. What about random range numbers? I want to sniff all traffic from the four hosts .6 through .9 in 10.4.20.6-9
  • klaypez
    klaypez almost 7 years
    Yeah, already tried this, but this filter captures other IP addresses like 216.58.198.46 and I don't know why
  • slass100
    slass100 almost 7 years
    It will capture 216.58.198.46 if the other end (ie. source or destination) is in 130.190.0.0/17. If you want to only catch packets where the source and destination are in 130.190.0.0/17: tcpdump src net 130.190.0.0/17 and dst net 130.190.0.0/17
  • klaypez
    klaypez almost 7 years
    @slass100 thanks for responding. I tried the command you gave me and I only get 2 flows? Could you explain why, please?

    2017-05-17 23:34:58.547 0.000 any 130.190.64.115 1(100.0) 1(100.0) 1028(100.0) 0 0 1028
    2017-05-17 23:34:58.547 0.000 any 130.190.65.254 1(100.0) 1(100.0) 1028(100.0) 0 0 1028
  • slass100
    slass100 almost 7 years
    Without a diagram of your network, I can only guess. If your system running nfsen is connected to a switch (vs. a hub or span port) it will only "see" packets to or from your system (not packets between 2 hosts connected to the same switch as your device).
  • klaypez
    klaypez almost 7 years
    Hm, I guess you don't understand because my English is poor, sorry about that, but it doesn't matter if my machine is connected to a switch or a hub, no? I just want a filter that displays machines which have their IP starting with 130.190 as source or destination. I don't know, maybe I'm looking for something that doesn't exist, maybe there is just no filter that does what I want
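
The matching rules discussed in this thread, modelled as an added example (not code from any poster): it shows why `net 130.190.0.0/17` still lists outside addresses, what `src net ... and dst net ...` keeps instead, and how to cover a range that is not CIDR-aligned such as 10.4.20.6-9. The flow records and function names are constructed for illustration.

```python
import ipaddress

NET = ipaddress.ip_network("130.190.0.0/17")

# Constructed sample flows as (source, destination); not data from the thread.
FLOWS = [
    ("130.190.64.115", "216.58.198.46"),  # inside  -> outside
    ("216.58.198.46", "130.190.65.254"),  # outside -> inside
    ("130.190.3.7", "130.190.100.1"),     # inside  -> inside
    ("130.190.200.9", "51.254.10.10"),    # starts with 130.190 but is outside the /17
    ("51.254.10.10", "216.58.198.46"),    # outside -> outside
]

def in_net(addr, net=NET):
    return ipaddress.ip_address(addr) in net

def match_net(flow, net=NET):
    """Semantics of 'net N': true if source OR destination is in N."""
    return in_net(flow[0], net) or in_net(flow[1], net)

def match_src_and_dst(flow, net=NET):
    """Semantics of 'src net N and dst net N': both ends must be in N."""
    return in_net(flow[0], net) and in_net(flow[1], net)

def range_to_filter(first, last):
    """Cover an inclusive IPv4 range with the fewest CIDR blocks and
    join them as 'net' primitives usable in a tcpdump filter."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return " or ".join(f"net {b}" for b in blocks)

if __name__ == "__main__":
    for flow in FLOWS:
        print(f"{flow[0]:>15} -> {flow[1]:<15} "
              f"net={match_net(flow)!s:<5} src+dst={match_src_and_dst(flow)}")
    print(range_to_filter("130.190.0.0", "130.190.127.255"))
    print(range_to_filter("10.4.20.6", "10.4.20.9"))
```

With `net`, the peer address (216.58.198.46 here) appears in the output because only one end of the flow has to be inside the block; the fourth flow also shows that a /17 stops at 130.190.127.255 and does not cover every 130.190.x.x address.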