packettcpdumppacket-capturebpf

Apply a filter which reads all traffic apart from DNS and TCP using tcpdump


I tried these commands:

1.tcpdump -r bpf-pcap.pcapng -w op2.txt proto not dns and not tcp

2.tcpdump -r bpf-pcap.pcapng -w op2.txt proto not dns and tcp

None of these are correct. I also checked the manual page but couldn't find what's wrong.

What have I missed?


Solution

  • I think you want:

    tcpdump -r bpf-pcap.pcapng -w op2.pcap not port 53 and not tcp
    

    Note -w doesn't write a text file but a binary file with the raw packets.