tcpdump – How to Filter tcpdump by Hostname Using Wildcard/Regex

Tags: bash, linux-networking, tcpdump

Is it possible to create an expression in tcpdump that would filter incoming packets with a wildcard?

Something like this:

tcpdump -v -i bond0 -c 200 -Z root udp port 514 and src server-*.com

It doesn't work … I was only able to filter using exact name or IP:

tcpdump -v -i bond0 -c 200 -Z root udp port 514 and src server-oOo.domain.com
tcpdump -v -i bond0 -c 200 -Z root udp port 514 and src 10.20.32.100

I know that you can filter using grep, but when you use verbose output, it will generate multiple lines per packet, making grep unusable in this scenario (it will omit those lines):

tcpdump -v -i bond0 -c 200 -Z root udp port 514 | grep 'server-.*\.com'

Thank you!

Best Answer

So, in the end, I've found out that whether you use -v or -vvv (correct me if I am wrong), there will always be just one additional line, and so you can do this:

tcpdump -v -i bond0 -c 200 -Z root udp port 514 | grep -A 1 'server-.*\.com'
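The reason the BPF expression cannot do this is that `src host NAME` is resolved to one or more addresses when tcpdump compiles the filter, so a wildcard never reaches the kernel. The `grep -A 1` trick works as long as every packet produces exactly two lines. As an added example (not part of the original question or answer), the following shell function instead groups verbose output into whole packet records (a header line starting at column 0 plus any indented continuation lines) and prints every line of the packets that match a hostname regex, however many lines tcpdump prints per packet. The interface and port are taken from the question; the sample output and hostnames are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: filter multi-line "tcpdump -v" output by a hostname regex,
# keeping every line of each matching packet. Not code from the original post.

# filter_by_host REGEX
#   Reads tcpdump -v output on stdin. A line that starts at column 0 (the
#   timestamp) begins a new packet record; indented lines belong to the
#   current record. A record is printed only if the regex matches anywhere in
#   it. The pattern is passed via the environment so backslashes (e.g. '\.')
#   survive untouched, which "awk -v" would not guarantee.
filter_by_host() {
    PAT="$1" awk '
        BEGIN { pat = ENVIRON["PAT"] }
        /^[^ \t]/ { if (rec != "" && rec ~ pat) printf "%s", rec; rec = "" }
        { rec = rec $0 "\n" }
        END { if (rec != "" && rec ~ pat) printf "%s", rec }
    '
}

# Constructed sample of tcpdump -v output (hypothetical hosts): two syslog
# packets, each a header line plus one indented continuation line.
SAMPLE='12:00:01.000001 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto UDP (17), length 80)
    server-oOo.domain.com.54321 > collector.domain.com.syslog: SYSLOG local0.info, length: 52
12:00:02.000002 IP (tos 0x0, ttl 64, id 2, offset 0, flags [DF], proto UDP (17), length 80)
    other-host.example.net.54322 > collector.domain.com.syslog: SYSLOG local0.info, length: 52'

# count_matching_packets REGEX
#   Number of packet header lines that survive the filter on the sample.
count_matching_packets() {
    printf '%s\n' "$SAMPLE" \
        | filter_by_host "$1" \
        | awk '/^[^ \t]/ { n++ } END { print n + 0 }'
}

# Live usage (interface and port as in the question; -l makes tcpdump
# line-buffer its output so packets show up as they arrive):
#   tcpdump -l -v -i bond0 udp port 514 | filter_by_host 'server-.*\.com'
```

Because matching is done on the assembled record, the regex may also refer to fields that only appear on the continuation line (the syslog facility, for example), which a per-line grep cannot combine with the header.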