Data Center RUM Documentation

Skip to end of metadata
Go to start of metadata

The TCPDUMP filter is similar to the tcpdump utility provided by the operating system.

To filter a capture, use:

packet_count "destination" "filter_expression" "interfaces" max_file_size

where:

packet_count

The maximum packet count to save. Specifying 0 as packet count causes packets to be saved (sent to specified address) until a stop is requested using tcpdump stop, or until the maximum file size is reached.

“destination”

Quoted string giving the absolute path to the destination file or colon-separated IP address and port number, where the dump data is to be sent over UDP.

“filter_expression”

Optional filtering expression enclosed in double quotes. See standard tcpdump man page for help on filter expressions.

Icon

Note that due to a tcpdump known issue with expression syntax, you need to construct your logical expressions so that the logical order of arguments does not affect packet saving.

“interfaces”

Optional list of interfaces to be supplied after the filtering expression. The list must be enclosed in double quotes (for example, "eth0 eth1").

max_file_size

Optional maximum output file size, to be specified after the list of interfaces. The value should be specified in bytes.

For example:

 

For more information on TCDUMP filtering, visit www.tcpdump.org

  • No labels