Is it possible to change the position of [expression] part in tcpdump ?
eg: tcpdump -i eth0 ip6 -w capture.pcap.
According to the syntax ip6 should be at the end but is it possible this way or any other way without ending up as syntax error.
If yes how and if no why ??
May I get any help on this?
tcpdump syntax: tcpdump [ -adeflnNOpqRStuvxX ] [ -c count ]
[ -C file_size ] [ -F file ]
[ -i interface ] [ -m module ] [ -r file ]
[ -s snaplen ] [ -T type ] [ -U user ] [ -w file ]
[ -E algo:secret ] [ expression ]
Is it possible to change the position of
[expression]part in tcpdump ?
No.
If yes how and if no why ??
Because the UN*X command line syntax standard puts "flag" options - options beginning with a -, possibly with an argument to the flag option - before non-flag options, such as the capture filter expression.
According to the syntax ip6 should be at the end
Then put it there:
tcpdump -i eth0 -w capture.pcap ip6