[vox-tech] tcpdump help was: packet sniffer help

Matt Roper vox-tech@lists.lugod.org
Mon, 11 Feb 2002 22:21:53 -0800


On Mon, Feb 11, 2002 at 05:46:01PM -0800, Peter Jay Salzman wrote:
> joel, i'm having trouble with tcpdump.  can you clear something up for
> me?   suppose i wanted to look at two (destination) ports at the same
> time.  this doesn't work:
> 
> 	tcpdump -i eth0 dst port 25906 && dst port 27950
> 
> i think the shell is trying to interpret the &&.

I usually use "and", "or", and "not" instead of the symbols so that the
shell won't try to interpret them.

But are you sure that 'and' is really the logic that you want?  Your
rule will only match packets which are destined for both ports 25906 AND
27950 (which is impossible).  It seems like you should be using "or" so
that the rule will match packets destined for either port.

> also, is there a way to look at the packet payload?  i'm not much
> interested in the raw packets themselves.   any way to peek at the
> contents using tcpdump?

I'm not sure about this.  I know that -v, -vv, and -vvv print out
additional information about each packet, but I haven't really used them
much.  Ethereal is a pretty useful tool if you want to view the packet
contents since it can reconstruct packet sequences.

Matt

-- 

*************************************************
* Matt Roper <matt@mattrope.com>                *
* http://www.mattrope.com                       *
* PGP Key: http://www.mattrope.com/mattrope.asc *
*************************************************
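
The following is an added example, not part of the original message: it shows what argument vector reaches tcpdump for the unquoted `&&` form from the question, for the word-operator form, and for a quoted filter. The `tcpdump` and `dst` shell functions are stand-ins defined only for this demo (assumptions); nothing is captured from the network.

```shell
#!/bin/sh
# Stand-in for tcpdump (assumption for this demo): captures nothing, only
# reports the arguments the shell actually handed to it.
tcpdump() { printf 'tcpdump argc=%d: %s\n' "$#" "$*"; }

# Stand-in for the second command the shell tries to run after "&&".
# On a real system this is normally "dst: command not found".
dst() { printf 'shell ran a second command: dst %s\n' "$*"; }

# Parse and run one command line exactly as typed, returning what was seen.
# eval is used only on the fixed demo strings below.
seen_by_tcpdump() { eval "$1"; }

# 1. The form from the question: the shell splits the line at "&&", so
#    tcpdump gets a filter for port 25906 only, and "dst port 27950" is
#    run as a separate command once tcpdump exits successfully.
seen_by_tcpdump 'tcpdump -i eth0 dst port 25906 && dst port 27950'

# 2. Word operators contain nothing special to the shell, so the whole
#    expression reaches tcpdump as separate words. "or" matches either port.
seen_by_tcpdump 'tcpdump -i eth0 dst port 25906 or dst port 27950'

# 3. Single-quoting the filter delivers it as one argument, which also
#    protects symbols and parentheses if they are used in the expression.
seen_by_tcpdump "tcpdump -i eth0 'dst port 25906 or dst port 27950'"
```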