Tcpdump FreeBSD 14.1

kerogaz · October 21, 2024, 8:11am

Why I type 10.44.5.10 bat tcpdump show 10.44.5.100?

tcpdump -i igb3 -q | grep 10.44.5.10
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on igb3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
10:45:32.535345 IP 10.44.1.214.https > 10.44.5.10.36498: tcp 51
10:45:32.535364 IP 10.44.1.214.https > 10.44.5.10.36498: tcp 51
10:45:32.728927 IP 10.44.1.214.https > 10.44.5.10.36498: tcp 0
10:45:32.728934 IP 10.44.1.214.https > 10.44.5.10.36498: tcp 0
10:45:32.856089 IP 185-177-126-133.hosted-by-worldstream.net.http > 10.44.5.100.51305: UDP, length 65
10:45:32.857310 IP 10.44.5.100.51305 > 185-177-126-133.hosted-by-worldstream.net.http: UDP, length 65
10:46:22.007939 IP 185-177-126-133.hosted-by-worldstream.net.http > 10.44.5.100.51305: UDP, length 65
10:46:22.009055 IP 10.44.5.100.51305 > 185-177-126-133.hosted-by-worldstream.net.http: UDP, length 65

MadeInGermany · October 21, 2024, 8:40am

Welcome!

By default grep matches everywhere, even inside a "word". But you can tell it to require word boundaries:

tcpdump -i igb3 -q | grep -w 10.44.5.10

Still not precise, because a dot means "any character". So it should be

tcpdump -i igb3 -q | grep -w "10\.44\.5\.10"

An alternative is to tell grep to not use a regular expression:

tcpdump -i igb3 -q | grep -Fw 10.44.5.10

bendingrodriguez · October 21, 2024, 1:48pm

Hi @kerogaz,

instead of grepping you could use tcpdump's filter ability:

$ tcpdump -i igb3 -n host 10.44.5.10

kerogaz · October 21, 2024, 8:21pm

Thank very much