[vox-tech] tcpdump help was: packet sniffer help
Mark K. Kim
vox-tech@lists.lugod.org
Mon, 11 Feb 2002 20:56:42 -0800 (PST)
Try:
tcpdump -i eth0 dst port 25906 '&&' dst port 27950
Single quotes around &&.
-Mark
On Mon, 11 Feb 2002, Peter Jay Salzman wrote:
> joel, i'm having trouble with tcpdump. can you clear something up for
> me? suppose i wanted to look at two (destination) ports at the same
> time. this doesn't work:
>
> tcpdump -i eth0 dst port 25906 && dst port 27950
>
> i think the shell is trying to interpret the &&.
>
> satan# tcpdump -i eth0 dst port 25906 && dst port 27950
> tcpdump: listening on eth0
> <ctrl-c>
> 0 packets received by filter
> 0 packets dropped by kernel
> bash: dst: command not found
>
> i replaced && with "and". i added a "--". tried quoting the whole
> argument with ''. nothing seems to be working. how does one go about
> "anding" conditions with tcpdump?
>
> also, is there a way to look at the packet payload? i'm not much
> interested in the raw packet themselves. any way to peek at the
> contents using tcpdump?
>
> pete
>
>
> begin Joel Baumert <kender@geeksource.net>
> > If you want a graphical one Ethereal is really nice. I alternate
> > between that, tcpdump, and ngrep. Be aware that you may not be
> > able to sniff on a switched network unless you are the source or
> > destination of the packets.
> _______________________________________________
> vox-tech mailing list
> vox-tech@lists.lugod.org
> http://lists.lugod.org/mailman/listinfo/vox-tech
>
--
Mark K. Kim
http://www.cbreak.org/mark/
PGP key available upon request.