Martin_Hofbauer
Contributor

Filter syntax for g_tcpdump required when mixing "and" and "or"

In tcpdump in bash, the following works as expected:

# tcpdump -i eth0 host A and host B and \(port C or port D\)

(Round brackets ensure that the "or" statement is only valid for the port numbers.)

But I was not able to figure out how to do it with "g_tcpdump" to have the same results.

Any ideas?

0 Kudos
3 Replies
Anatoly
Employee

Hi,

It should be the same as tcpdump, just g_. If it doesn't work, try to do g_all tcpdump ….

Thanks

Anatoly

0 Kudos
HeikoAnkenbrand
Champion

Hi @Anatoly 

In principle, the difference is clear to me. "g_all" executes the commands on all SGMs.

Is there a technical difference between "g_tcpdump" and "g_all tcpdump"?

PS:
With "g_tcpdump" filters I can also see that some things do not work 100% correctly.

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Anatoly
Employee

g_tcpdump and g_all tcpdump should be the same. However, since g_tcpdump has been developed as a separate command, some differences may apply.

Please open a support ticket if it's critical; if not, just use g_all tcpdump.

0 Kudos