Steve
11 years ago
Hello Dev Team,
Firstly, I apologise if this mail is going to the wrong place, but I
couldn't find anywhere else to send it to.
I've been using TCPDump for some time as a way of tracking and extracting
the domain names of HTTP requests for IPv4. As IPv6 becomes more prolific,
I've been missing more and more data.
I note in some documentation that the use of the 'tcp' filter on IPv6 isn't
supported because of the possibility of additional headers in IPv6 packets,
but I was wondering if there is some kind of work-around in order to seek
out the required information.
This was the string that I was using for IPv4:
tcpdump -i eth0 -nn -s 0 -A port 80 and '(tcp[((tcp[12:1] & 0xf0) >> 2):4] =
0x47455420 or tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)'
I've tried several different versions of converting these filters to 'ip6'
references but no packets are returned.
How can I get a working filter to capture the data I need?
Thanks
Steve.
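
Added example (not part of Steve's message, and not tcpdump's own code): a Python sketch of the check the IPv4 filter performs, carried over to IPv6 by walking the extension-header chain before applying the same TCP data-offset arithmetic. The function names and the sample packets are constructed for illustration, and packets are assumed to be raw IPv6 with no link-layer header.

```python
import struct

# Headers laid out as (next header, length in 8-byte units): hop-by-hop, routing, dest. options
EXT_HEADERS = {0, 43, 60}
FRAGMENT, TCP = 44, 6
METHODS = (b"GET ", b"POST")  # 0x47455420 and 0x504f5354 from the IPv4 filter
# Fixed-offset BPF form of the same test, valid only when no extension header is present:
#   ip6[6] = 6 and ip6[(40 + ((ip6[52] & 0xf0) >> 2)):4] = 0x47455420


def http_request_offset(pkt):
    """Return the TCP payload offset if the payload starts with GET/POST, else None."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return None
    nxt, off = pkt[6], 40  # Next Header field, end of the fixed 40-byte header
    while nxt in EXT_HEADERS or nxt == FRAGMENT:
        if off + 8 > len(pkt):
            return None
        if nxt == FRAGMENT:
            # Fragment header is always 8 bytes; only the first fragment carries the TCP header
            if struct.unpack_from("!H", pkt, off + 2)[0] >> 3:
                return None
            nxt, off = pkt[off], off + 8
        else:
            nxt, off = pkt[off], off + (pkt[off + 1] + 1) * 8
    if nxt != TCP or off + 20 > len(pkt):
        return None
    data = off + ((pkt[off + 12] & 0xF0) >> 2)  # same arithmetic as tcp[12:1] in the filter
    return data if pkt[data:data + 4] in METHODS else None


def build_sample(payload, ext=b"", first_nh=TCP):
    """Build a constructed IPv6/TCP packet (zeroed addresses, 20-byte TCP header)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    body = ext + tcp
    hdr = struct.pack("!IHBB", 6 << 28, len(body), first_nh, 64) + bytes(32)
    return hdr + body


if __name__ == "__main__":
    req = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
    hop = bytes([TCP, 0, 1, 4, 0, 0, 0, 0])  # 8-byte hop-by-hop header holding one PadN option
    print(http_request_offset(build_sample(req)))                       # no extension header
    print(http_request_offset(build_sample(req, ext=hop, first_nh=0)))  # one extension header
```

The fixed-offset filter in the comment only sees the first kind of packet; the header walk also finds the request when a hop-by-hop, routing, destination-options or first-fragment header sits in front of TCP.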