pcap filter

tcpdump and ngrep are both based on libpcap. Therefore both use the same filter expressions.

Here is the manual page of the pcap filter expression.

These filter expressions are also used in FortiGate’s diag sniffer packet command.

Close Menu