Menu
I'm trying to view traffic transmitted to a specific multicast address on a network in order to analyze a protocol we're using.
I don't have Wireshark available on the setup (unfortunately). TCPDump is available though. So, can anyone show me a command have TCPDump filter to only view messages transmitted to a secific multicast group address?
537
For each network interface, a number and an interface name (possibly followed by a text description of the interface) is printed. The interface name or the number can be supplied to the -i flag to specify an interface on which to capture.
tcpdump allows you to specify network packets that are either using some port X as source or destination. For example, to capture DNS traffic, you can use port 53 . You could prefix the port keyword with src/dst as src port 53 or dst port 53 and filter it even further.
To receive multicast datagrams sent to a particular port, bind to the local port, leaving the local address unspecified, such as INADDR_ANY. In this case, every incoming multicast or broadcast UDP datagram destined for the shared port is delivered to all sockets bound to the port.
I believe this should be enough for a specific group:
tcpdump -i eth0 -s0 -vv host 239.255.255.250 All multicast traffic:
tcpdump -i eth0 -s0 -vv net 224.0.0.0/4 If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
