[lug] tcpdump syntax
D. Stimits
stimits at attbi.com
Fri Apr 11 22:01:15 MDT 2003
I'm trying to port a simple tcp/ip client from windows to linux, and I
have most of it compiling, but I need to figure out some
newline/carriage return/EOL and login order info, and am not getting
anywhere. I'm trying to use tcpdump on a linux bridge (device br0), but
I'm getting flooded out by my ssh connect and other connects not related
to the machine I want to watch. Filtering later with regular expressions
and macros works, but is a complete pain since the dump pattern is
multiline. It looks like tcpdump should be able to dump data only for
packets with a source or destination of some particular IP address,
e.g., for IP 1.2.3.4, and nothing else, but I am at a loss. The
following syntax works for all tcp and does not filter, though it does
give the output I want buried in tons of data:
tcpdump -n -vv -X -s 0 tcp
Now according to the tcpdump man page, the final argument to tcpdump can
be an expression. I can get the expression to filter with tcp as shown
above, but the syntax of anything other than this is failing, giving me
a "tcpdump: parse error". I am not interested in the direction of
movement, I am interested in all tcp going to or from address (sample)
1.2.3.4. How would I extend this to limit it to only tcp:
tcpdump -n -vv -X -s 0 'host 1.2.3.4'
D. Stimits, stimits AT attbi DOT com
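An added example, not part of the original post, showing how tcpdump filter primitives are combined with "and" to keep only TCP to or from one host, and how the post's own SSH session can be excluded so it does not flood the dump. The interface br0 and the address 1.2.3.4 are the post's sample values; the helper names are my own.

```shell
# Added example (not from the original post): compose a BPF capture filter
# for tcpdump that keeps only TCP traffic to or from one host and, optionally,
# drops the capturing machine's own SSH session so it does not flood the dump.
# The interface name br0 and the address 1.2.3.4 are the post's own samples.

# build_filter HOST [EXCLUDE_PORT]
# Primitives are joined with "and"; the parser needs the operator, which is
# why "host 1.2.3.4" on its own selects every protocol, not just TCP.
build_filter() {
    host=$1
    port=${2:-}
    expr="tcp and host $host"
    if [ -n "$port" ]; then
        # Caveat: this also drops traffic on that port to or from the
        # watched host, not only the capturing machine's own session.
        expr="$expr and not port $port"
    fi
    printf '%s' "$expr"
}

# capture_cmd IFACE HOST [EXCLUDE_PORT]
# Prints the full command line. The filter is passed as one single-quoted
# argument so the shell hands the whole expression to tcpdump unchanged;
# -i names the bridge, -s 0 keeps whole packets for the -X hex/ASCII dump.
capture_cmd() {
    iface=$1
    shift
    printf "tcpdump -n -vv -X -s 0 -i %s '%s'\n" "$iface" "$(build_filter "$@")"
}

# Constructed usage: watch 1.2.3.4 on br0, hiding the ssh session on port 22.
capture_cmd br0 1.2.3.4 22
```

Drop the third argument if the SSH session is not on the watched host's traffic path, and the filter reduces to `tcp and host 1.2.3.4`.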