[vox-tech] tcpdump help was: packet sniffer help
Peter Jay Salzman
vox-tech@lists.lugod.org
Mon, 11 Feb 2002 17:46:01 -0800
joel, i'm having trouble with tcpdump. can you clear something up for
me? suppose i wanted to look at two (destination) ports at the same
time. this doesn't work:
tcpdump -i eth0 dst port 25906 && dst port 27950
i think the shell is trying to interpret the &&.
satan# tcpdump -i eth0 dst port 25906 && dst port 27950
tcpdump: listening on eth0
<ctrl-c>
0 packets received by filter
0 packets dropped by kernel
bash: dst: command not found
i replaced && with "and". i added a "--". tried quoting the whole
argument with ''. nothing seems to be working. how does one go about
"anding" conditions with tcpdump?
also, is there a way to look at the packet payload? i'm not much
interested in the raw packet themselves. any way to peek at the
contents using tcpdump?
pete
begin Joel Baumert <kender@geeksource.net>
> If you want a graphical one Ethereal is really nice. I alternate
> between that, tcpdump, and ngrep. Be aware that you may not be
> able to sniff on a switched network unless you are the source or
> destination of the packets.