flow2k

Reputation: 4347

Can tcpdump filter by application layer protocol?

I have not had much luck in finding a way for tcpdump to filter by the application layer protocol, like HTTP or FTP. It seems it can filter by at most transport layer protocols like TCP or UDP: https://linux.die.net/man/7/pcap-filter

Is it true tcpdump does not have the functionality to examine and identify application layer protocol headers, like Wireshark does?

Upvotes: 2

Views: 2133

Answers (1)

Ortomala Lokni

Reputation: 62635

tcpdump uses the pcap filter syntax and allows you to filter by port with:

tcp port 80

or

tcp port 21

If you want to filter by application layer protocol, you will have to use TShark. With this tool you can use capture filters with the same syntax as pcap filters but also display filters which allow you to filter by application layer protocol with:

http

or

ftp

Upvotes: 3
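An added example, not part of the question or answer above: it shows why a port match such as `tcp port 80` is not the same as identifying the application protocol from the payload, which is what a display filter like `http` relies on. The segments are constructed samples, the function names are hypothetical, and the regexes are simplified heuristics rather than Wireshark's dissector logic.

```python
import re
import struct

# Simplified start-line heuristics (assumption: not Wireshark's actual dissector rules).
HTTP_RE = re.compile(rb"^(?:(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]|HTTP/1\.[01] \d{3} )")
FTP_RE = re.compile(rb"^(?:\d{3}[ -][^\r\n]*|(?:USER|PASS|RETR|STOR|LIST|QUIT|PASV|TYPE)(?: [^\r\n]*)?)\r\n")


def make_segment(sport, dport, payload):
    """Build a minimal 20-byte TCP header (no options) followed by payload."""
    offset_flags = (5 << 12) | 0x018  # data offset = 5 words, flags = PSH+ACK
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0, offset_flags, 65535, 0, 0) + payload


def parse_segment(segment):
    """Return (sport, dport, payload), locating the payload via the data-offset field."""
    sport, dport = struct.unpack("!HH", segment[:4])
    header_len = (segment[12] >> 4) * 4
    return sport, dport, segment[header_len:]


def port_match(segment, port):
    """What `tcp port N` tests: source or destination port equals N."""
    sport, dport, _ = parse_segment(segment)
    return port in (sport, dport)


def payload_protocol(segment):
    """Guess the application protocol from payload bytes only, ignoring ports."""
    _, _, payload = parse_segment(segment)
    if HTTP_RE.match(payload):
        return "http"
    if FTP_RE.match(payload):
        return "ftp"
    return None


# Constructed sample segments (not captured traffic).
SAMPLES = {
    "http_on_80": make_segment(40000, 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "http_on_8080": make_segment(40001, 8080, b"GET /health HTTP/1.1\r\n\r\n"),
    "ssh_on_80": make_segment(40002, 80, b"SSH-2.0-OpenSSH_9.6\r\n"),
    "ftp_on_2121": make_segment(2121, 40003, b"220 Service ready\r\n"),
}

if __name__ == "__main__":
    for name, seg in SAMPLES.items():
        print(name, "port80:", port_match(seg, 80), "payload:", payload_protocol(seg))
```

The port test misses HTTP on 8080 and FTP on 2121, and it matches the SSH banner sent to port 80; the payload check gets all four right, which is the practical gap between the two filter types when reviewing captures.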
