I get a "Conflict merging filters on src ip" error when using tcpdump with boolean host filters, such as tcpdump -nni nt:0 host 10.1.1.1 and host 10.1.1.2.
I get the following error when using tcpdump with boolean host filters:
sudo /usr/local/bin/tcpdump -nni nt:0 host 10.1.1.1 and host 10.1.1.2
[debug][rules.c:323] Conflict merging filters on src ip

The NIC manufacturer says this is an issue with the libpcap binaries and offers no support. The filters work fine on other built-in interfaces.
I've tried all manner of single or double quotes, parens, etc. with the same results.
However, if I expand it to specify source and destination IPs, it works.
sudo /usr/local/bin/tcpdump -nni nt:0 '(src host 10.1.1.1 and dst host 10.1.1.2) or (dst host 10.1.1.1 and src host 10.1.1.2)'
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on nt:0, link-type EN10MB (Ethernet), snapshot length 262144 bytes

tcpdump --version
tcpdump version 4.99.1
libpcap version 1.10.1 (with TPACKET_V3)
OpenSSL 1.1.1k FIPS 25 Mar 2021

We are using PF_RING and Napatech NICs. Someone on another forum said the error came from PF_RING. I have updated that and the NIC drivers to no avail.
Any help is appreciated.