'tcpdump and then got syntax error in filter expression
I am trying to make sure whether my board is getting information/packages from another board. So I type the following command in the terminal:
tcpdump -i any UDP port 26891 -x
And then the system responded with the following information:
tcpdump: syntax error in filter expression: syntax error
So what is the problem? And how should I fix it?
Solution 1:[1]
From the pcap-filter man page:
proto
proto qualifiers restrict the match to a particular protocol. Possible protocols are: ether, fddi, tr, wlan, ip, ip6, arp, rarp, decnet, sctp, tcp and udp.
And from the tcpdump man page:
expression
The expression argument can be passed to tcpdump as either a single Shell argument, or as multiple Shell arguments, whichever is more convenient. Generally, if the expression contains Shell metacharacters, such as backslashes used to escape protocol names, it is easier to pass it as a single, quoted argument rather than to escape the Shell metacharacters. Multiple arguments are concatenated with spaces before being parsed.
So, from this information, you should be able to realize that:
- UDP is an invalid proto.
- It's better to specify the filter expression last to avoid any possible misinterpretation, and it might be easier to read if it's quoted.
So, to correct the problem, try this command instead:
- Rename UDP to udp and move the
-xoption before the filter expression:tcpdump -i any -x "udp port 26891"
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Christopher Maynard |