tcpdump filter that excludes private ip traffic
Posted by Kyle Brandt on Server Fault
Published on 2010-03-17T19:26:49Z
Indexed on 2010/03/17 19:31 UTC
For a generic filter to exclude all traffic in my dump that is between private IP addresses, I came up with the following:
sudo tcpdump -n '
(not
    (
        (src net 172.16.0.0/20 or src net 10.0.0.0/8 or src net 192.168.0.0/16)
        and
        (dst net 172.16.0.0/20 or dst net 10.0.0.0/8 or dst net 192.168.0.0/16)
    )
) and
(not
    (
        (dst net 172.16.0.0/20 or dst net 10.0.0.0/8 or dst net 192.168.0.0/16)
        and
        (src net 172.16.0.0/20 or src net 10.0.0.0/8 or src net 192.168.0.0/16)
    )
)' -w test2.dump
Seems pretty excessive, but it also seems to work. Is this filter a lot longer than it needs to be, and is there a better way to express this logic, or is there anything wrong with the filter?
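Added example, not part of the original question: it models the filter's boolean logic in Python (a packet is just a constructed src/dst pair, no tcpdump is run) and checks exhaustively that the question's two negated clauses, which differ only in the order of the operands of a commutative `and`, always agree with the single clause `not ((src net ...) and (dst net ...))`. The networks are kept exactly as the question wrote them, including 172.16.0.0/20 rather than the full RFC 1918 172.16.0.0/12, so one sample address just above the /20 shows what that choice lets through.

```python
"""Equivalence check for the question's private-to-private tcpdump filter."""
import ipaddress
import itertools

# Networks exactly as written in the question (note: 172.16.0.0/20,
# not the whole RFC 1918 block 172.16.0.0/12).
PRIVATE_NETS = [
    ipaddress.ip_network("172.16.0.0/20"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def in_private(addr):
    """'net A or net B or net C' applied to a single address."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def original_filter(src, dst):
    """The question's filter: two negated clauses joined with 'and'."""
    clause1 = not (in_private(src) and in_private(dst))
    clause2 = not (in_private(dst) and in_private(src))  # same test, operands swapped
    return clause1 and clause2


def simplified_filter(src, dst):
    """Single clause: tcpdump 'not ((src net ...) and (dst net ...))'.

    A packet is captured unless BOTH endpoints fall in a private range.
    """
    return not (in_private(src) and in_private(dst))


# Constructed sample endpoints: one inside each listed range, one just
# outside the /20 (172.16.16.1 would be private under a /12), one public.
SAMPLES = ["10.1.2.3", "172.16.5.9", "172.16.16.1", "192.168.1.10", "8.8.8.8"]


def check_equivalence(addrs=SAMPLES):
    """True if both filters agree on every ordered (src, dst) pair."""
    return all(
        original_filter(s, d) == simplified_filter(s, d)
        for s, d in itertools.product(addrs, repeat=2)
    )


if __name__ == "__main__":
    for s, d in itertools.product(SAMPLES, repeat=2):
        print(f"{s:>13} -> {d:<13} captured={simplified_filter(s, d)}")
    print("filters equivalent:", check_equivalence())
```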
© Server Fault or respective owner