Running Linux Ubuntu.
Essentially, why is this command a syntax error:
tcpdump -i eth0 -n udp -X -v -s 1514 'tcp[40:4] = 0x31323334'
Which should show udp packets with '1234' at the 40th byte.
I mean, I get that UDP isn't a TCP packet, but the logic should still work. Given it doesn't, how can I write this?
Try the following:
tcpdump -i eth0 -X -v -s 1514 'udp[40:4] = 0x31323334'
AFAIK, proto relop filters should match only the protocol you specify; -n udp should not be needed.
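
What `udp[40:4]` actually reads, as an added example that is not part of the original thread: a Python model of the accessor for IPv4 over Ethernet, where the offset is counted from the start of the UDP header, so byte 40 is payload byte 32 (the UDP header is 8 bytes). The function names, addresses, ports and frames are constructed for illustration.

```python
import struct

def build_frame(payload, ip_options=b""):
    """Constructed Ethernet + IPv4 + UDP frame; checksums left at zero."""
    ihl = 5 + len(ip_options) // 4            # IPv4 header length in 32-bit words
    udp_len = 8 + len(payload)
    eth = b"\x00" * 12 + b"\x08\x00"          # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + udp_len, 0, 0,
                     64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    udp = struct.pack("!HHHH", 40000, 9999, udp_len, 0)
    return eth + ip + ip_options + udp + payload

def udp_accessor(frame, offset, size):
    """Value udp[offset:size] would load, or None where the filter cannot match."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                            # not IPv4 over Ethernet
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 17:
        return None                            # not UDP
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
        return None                            # later fragment: no UDP header here
    start = (ip[0] & 0x0F) * 4 + offset        # skip the IP header, options included
    data = ip[start:start + size]
    return int.from_bytes(data, "big") if len(data) == size else None

def matches(frame):
    """Model of the filter 'udp[40:4] = 0x31323334'."""
    return udp_accessor(frame, 40, 4) == 0x31323334

# Constructed payloads: "1234" at payload byte 32, and at payload byte 40.
AT_32 = b"A" * 32 + b"1234" + b"B" * 8
AT_40 = b"A" * 40 + b"1234"

if __name__ == "__main__":
    print(matches(build_frame(AT_32)))
    print(matches(build_frame(AT_40)))
    print(matches(build_frame(AT_32, ip_options=b"\x01" * 4)))
```

If the marker sits 40 bytes into the payload rather than 40 bytes from the start of the UDP header, the corresponding expression is `udp[48:4]`.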