I need some help... I'm trying to only capture packets that have the IP ID of 4567. I'm having trouble setting the correct Capture flag. Right now I'm trying to work with IP[4] = 0x11D7. Can I just get some help to put me in the right direction? Thanks guys.
asked 07 Mar '17, 09:15 Kickinitlegit
One Answer:
Google of "tcpdump filters ip id" found me this. Basically you need to specify the offset and length of the field, i.e.
answered 07 Mar '17, 09:31 grahamb ♦
Yep, that was it, I was forgetting the length... Thank you sir!
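
Added example, not part of the original thread: in pcap-filter syntax `ip[4]` loads a single byte at offset 4, while `ip[4:2]` loads the two-byte Identification field, so only `ip[4:2] = 0x11d7` can match IP ID 4567. The Python below emulates that byte load over constructed IPv4 headers; the helper names and the 192.0.2.x addresses are assumptions made for the demonstration.

```python
import struct

def build_ipv4_header(ip_id, src="192.0.2.1", dst="192.0.2.2"):
    """Constructed 20-byte IPv4 header (checksum left at 0) used as sample input."""
    src_b = bytes(int(x) for x in src.split("."))
    dst_b = bytes(int(x) for x in dst.split("."))
    # version/IHL, TOS, total length, ID, flags/fragment, TTL, protocol (TCP), checksum
    fixed = struct.pack("!BBHHHBBH", 0x45, 0, 40, ip_id, 0x4000, 64, 6, 0)
    return fixed + src_b + dst_b

def bpf_load(header, offset, size=1):
    """Emulate the filter accessor ip[offset:size]; size defaults to 1 byte."""
    if size not in (1, 2, 4):
        raise ValueError("size must be 1, 2 or 4")
    if offset + size > len(header):
        raise IndexError("load past end of header")
    # Multi-byte loads are read in network (big-endian) byte order.
    return int.from_bytes(header[offset:offset + size], "big")

def matches(header, offset, size, value):
    """True when the loaded field equals the value in the filter expression."""
    return bpf_load(header, offset, size) == value

def demo():
    """Evaluate both filter forms against three constructed packets."""
    results = {}
    for ip_id in (4567, 4568, 0x1100):
        hdr = build_ipv4_header(ip_id)
        results[ip_id] = {
            # One byte (0x11 for ID 4567) can never equal the 16-bit 0x11d7.
            "ip[4] = 0x11d7": matches(hdr, 4, 1, 0x11D7),
            # Two bytes at offset 4 are the whole Identification field.
            "ip[4:2] = 0x11d7": matches(hdr, 4, 2, 0x11D7),
        }
    return results

if __name__ == "__main__":
    for ip_id, outcome in demo().items():
        print(ip_id, outcome)
```
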