Technical data
Troubleshooting Techniques and Tools
1.2 Isolating Problems
tcp
•
ether broadcast
True if the packet is an Ethernet broadcast packet. The
ether
keyword is
optional.
•
ip broadcast
(IPv4 networks only) True if the packet is an IP broadcast packet. It checks
for both the all-zeroes and all-ones broadcast conventions, and looks up the
local subnet mask.
•
ether multicast
True if the packet is an Ethernet multicast packet. The
ether
keyword is
optional. This is shorthand for:
ether[0] & 1 != 0
•
ip multicast
(IPv4 networks only) True if the packet is an IPv4 multicast packet.
•
ether proto protocol
True if the packet is of protocol type
ether
. The protocol argument can be a
number or a name, such as
ip
,
ipv6
, and
arp
.
Only Ethernet is supported with protocols
ip
,
ipv6
and
arp
for native tracing.
If reading a trace created on another platform,
tcpdump
will be able to filter
and format it correctly.
•
expr relop expr
True if the relation holds, where relop is one of the following:
•>
•<
•>=
•<=
•=
•,
•!=
expr is an arithmetic expression composed of integer constants (expressed in
standard C syntax), the normal binary operators [+, -, *, /, &, | ], a length
operator, and special packet data accessors.
1.2.5.2.5 Accessing Data Inside Packets To access data inside the packet, use
the following syntax:
proto [expr : size]
The following list describes the variables.
• The proto variable is one of the following:
ether
fddi
ip
arp
1–14 Troubleshooting Techniques and Tools