How can I use TCPDump on Unix to view messages sent to a specific multicast address?

networking multicast tcpdump
John Humphreys - w00te picture John Humphreys - w00te · Oct 28, 2011 · Viewed 61.1k times · Source

I'm trying to view traffic transmitted to a specific multicast address on a network in order to analyze a protocol we're using.

I don't have Wireshark available on the setup (unfortunately). TCPDump is available though. So, can anyone show me a command have TCPDump filter to only view messages transmitted to a secific multicast group address?

Answer

Anders Lindahl picture Anders Lindahl · Oct 28, 2011

I believe this should be enough for a specific group:

tcpdump -i eth0 -s0 -vv host 239.255.255.250

All multicast traffic:

tcpdump -i eth0 -s0 -vv net 224.0.0.0/4

Related questions

How do I choose a multicast address for my application's use?

How should I choose an IPv4 multicast address for my application's use? I may need more than one (a whole range perhaps ultimately) but just want to avoid conflicts with other applications. Packets will be entirely contained within an administrative …

Read More
Multicast Join on Linux and IGMPv3

We've run into a thorny problem. We are writing a c++ program that receives multicast UDP traffic. We're in the process of moving our applications to a different network environment and our operations team has requested that we support IGMPv3 …

Read More
Multicast vs Broadcast in LAN

Is there any advantage to using a multicast group to send messages rather than just broadcasting them to a specific port? I understand that when broadcasting, other computers that don't want the messages receive them too, but how much does …

Read More