cppcap and IPv6 host filters

Hello Check Mates,

cppcap has been out for quite a while now, but every time I want to do IPv6 captures with it, I am struggling with the filter syntax.

sk141412 tells us that IPv6 is supported and that the filter syntax is the one from libpcap. However, filter strings with IPv6 hosts which work in tcpdump do not work with cppcap.

cppcap -f 'host 2a02:26f0:12d:58c::4b36 or host 2a02:26f0:12d:59c::4b36' -o test.pcap -w 10M -W 2

is not showing any error message, but also not capturing traffic.

cppcap -f 'host' -o test.pcap -w 10M -W 2

is capturing the IPv6 traffic, showing in the capture exactly the IPv6 addresses that I used for the filter above. The FQDN used here resolves to the two IPv6 addresses shown above.

When using tcpdump:

tcpdump -i eth0 -w test.pcap host 2a02:26f0:12d:58c::4b36 or host 2a02:26f0:12d:59c::4b36

it is working fine.

Am I holding it wrong? 🙂

Has anyone got cppcap to work with IPv6 host filter strings?

The workaround of using tcpdump instead of cppcap is not suitable in production, because of the load (as mentioned in the sk).

The workaround of using an FQDN instead of an IPv6 address in the filter string is not suitable for obvious reasons.

Version: R80.40 JHF T161.


Thank you for any ideas!

0 Kudos
2 Replies

Can you get what you need from "fw monitor" rather than tcpdump?

Otherwise if the syntax is not operating as you expect I would work the examples through further with TAC.

0 Kudos

Hey Chris, thanks for that idea. While fw6 monitor -F works for very simple scenarios and the performance impact is not as bad as with tcpdump, it is still much more resource intensive compared to cppcap. And we have all the overhead from the multiple chain position capturing.

I will try asking the sk owner first; if that does not work, I will file a TAC case. Just wanted to ask the community first, maybe I am just doing it wrong.

0 Kudos

