[vox-tech] tcpdump help was: packet sniffer help
Peter Jay Salzman
vox-tech@lists.lugod.org
Mon, 11 Feb 2002 22:31:11 -0800
begin Matt Roper <matt@mattrope.com>
> On Mon, Feb 11, 2002 at 05:46:01PM -0800, Peter Jay Salzman wrote:
> > joel, i'm having trouble with tcpdump. can you clear something up for
> > me? suppose i wanted to look at two (destination) ports at the same
> > time. this doesn't work:
> >
> > tcpdump -i eth0 dst port 25906 && dst port 27950
> >
> > i think the shell is trying to interpret the &&.
>
> I usually use "and", "or", and "not" instead of the symbols so that the
> shell won't try to interpret them.
>
> But are you sure that 'and' is really the logic that you want? Your
> rule will only match packets which are destined for both ports 25906 AND
> 27950 (which is impossible). It seems like you should be using "or" so
> that the rule will match packets destined for either port.

*blush*

> > also, is there a way to look at the packet payload? i'm not much
> > interested in the raw packets themselves. any way to peek at the
> > contents using tcpdump?
>
> I'm not sure about this. I know that -v, -vv, and -vvv print out
> additional information about each packet, but I haven't really used them
> much. Ethereal is a pretty useful tool if you want to view the packet
> contents since it can reconstruct packet sequences.

ok, i was leaning towards tcpdump because i "kind of sort of" know how
to use it. when i can get from underneath the stack of papers i'm
grading right now, i'll make a concerted effort to learn ethereal. when
joel posted the info, i installed it via apt-get. will get a chance
sometime this week.

thanks for pointing out my embarrassing mistake! :-) i was wondering
why i got no output.

pete
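
The two points from this exchange, as an added example that is not part of the original messages: build the "either port" filter with `or`, pass it to tcpdump as one quoted argument so the shell never sees an operator, and use tcpdump's `-X` and `-s 0` options to show packet contents. The function names `dst_port_filter` and `sniff_ports` are hypothetical; the interface and ports are the ones from the thread.

```shell
#!/bin/sh
# Added example (not from the thread).
# The original command failed because the shell splits at "&&": it runs
#   tcpdump -i eth0 dst port 25906
# and, once that exits, tries to run a separate command named "dst".

# Build one filter matching traffic to ANY of the given destination ports.
dst_port_filter() {
    filter=""
    for port in "$@"; do
        # Accept only a decimal port number, so nothing else can end up
        # inside the filter expression.
        case "$port" in
            ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
        if [ -z "$filter" ]; then
            filter="dst port $port"
        else
            filter="$filter or dst port $port"
        fi
    done
    [ -n "$filter" ] || { echo "no ports given" >&2; return 1; }
    printf '%s\n' "$filter"
}

# Capture on an interface and show each packet's payload.
#   -n    skip name lookups
#   -s 0  capture whole packets rather than a truncated snapshot
#   -X    print packet data in hex and ASCII
# The filter is passed as ONE quoted argument, so the shell leaves it alone.
sniff_ports() {
    iface=$1; shift
    expr=$(dst_port_filter "$@") || return 1
    tcpdump -n -i "$iface" -s 0 -X "$expr"
}

# Usage (needs root): sniff_ports eth0 25906 27950
```
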