LUGOD: Linux Users' Group of Davis
Page last updated:
2002 Feb 11 23:34

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] tcpdump help was: packet sniffer help



You can try "tcpdump -i eth1 -F filterfile".  I am pretty sure this
will read the arguments stuff from the filter file and go around the
helpful shell.

If you want to look at the actual data add the "x" option...

tcpdump -xi eth1 host 10.10.6.103

Also sometimes I see a delay as the name server times out for the
reverse lookup... To get around this add the n option.

tcpdump -nxi eth1 host 10.10.6.103

I know you like the command line, but give some serious consideration
to running Ethereal.  It allows you to visually drill down on the
packet and highlights the portions of the payload for a selected
field in a protocol.  It also lets you follow a stream so, for 
example, you could follow a telnet stream and see what went back and
forth between each side in text... It was _really_ useful when I 
debug HTTP or other high level protocols.

Joel

On Mon, Feb 11, 2002 at 05:46:01PM -0800, Peter Jay Salzman wrote:
> joel, i'm having trouble with tcpdump.  can you clear something up for
> me?   suppose i wanted to look at two (destination) ports at the same
> time.  this doesn't work:
> 
> 	tcpdump -i eth0 dst port 25906 && dst port 27950
> 
> i think the shell is trying to interpret the &&.
> 
>    satan# tcpdump -i eth0 dst port 25906 && dst port 27950
>    tcpdump: listening on eth0
>    <ctrl-c>  
>    0 packets received by filter
>    0 packets dropped by kernel
>    bash: dst: command not found
> 
> i replaced && with "and".  i added a "--".  tried quoting the whole
> argument with ''.  nothing seems to be working.  how does one go about
> "anding" conditions with tcpdump?
> 
> also, is there a way to look at the packet payload?  i'm not much
> interested in the raw packets themselves.   any way to peek at the
> contents using tcpdump?
> 
> pete
> 
> 
> begin Joel Baumert <kender@geeksource.net> 
> > If you want a graphical one Ethereal is really nice.  I alternate
> > between that, tcpdump, and ngrep.  Be aware that you may not be
> > able to sniff on a switched network unless you are the source or
> > destination of the packets.
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
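
The two ways discussed in this thread of getting a multi-condition filter past the shell (one quoted argument, or a `-F` filter file), as an added example that is not part of the original post. The helper names `port_filter` and `write_filter_file` are assumptions made for illustration; the interface and ports are the ones from the thread, and the tcpdump commands are only printed, not run.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

# port_filter DIRECTION PORT...  ->  "(dst port 25906 or dst port 27950)"
# A packet has exactly one destination port, so alternatives are joined with
# "or"; joining two different ports with "and" yields a filter nothing matches.
port_filter() {
    local dir="$1" out="" p
    case $dir in
        src|dst) ;;
        *) echo "direction must be src or dst" >&2; return 1 ;;
    esac
    shift
    [ "$#" -gt 0 ] || { echo "need at least one port" >&2; return 1; }
    for p in "$@"; do
        # Only 1-5 decimal digits pass, so no operators or shell text
        # can ride along into the filter.
        case $p in
            ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
        out="${out:+$out or }$dir port $p"
    done
    printf '(%s)\n' "$out"
}

# write_filter_file EXPR: store EXPR in a temp file for "tcpdump -F", print its path.
write_filter_file() {
    local f
    f=$(mktemp) || return 1
    printf '%s\n' "$1" > "$f"
    printf '%s\n' "$f"
}

# Demo with the thread's interface and ports; commands are printed, not run.
filter=$(port_filter dst 25906 27950)
file=$(write_filter_file "$filter")
# 1) One single-quoted argument: the shell passes it to tcpdump untouched.
echo "tcpdump -n -i eth0 '$filter'"
# 2) Filter file: the expression never appears on the command line at all.
echo "tcpdump -n -i eth0 -F $file    # file contains: $(cat "$file")"
rm -f "$file"
```
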


