[tcpdump-workers] Example of `dir' spec in action..
How does one use the `dir' specifier?

Can someone provide an example? There are none in man tcpdump.

For example:
With this command `tcpdump -w FILE -i eth1 host 192.168.1.7'

How would one specify a direction of 192.168.1.7 == DESTINATION only.

All my attempts result in one or another parse error.
For example:

  tcpdump -w FILE -i eth1 \( dir src host 192.168.1.7\)
  tcpdump: parse error

  tcpdump -w FILE -i eth1 host 192.168.1.7 dir src 192.168.1.7
  tcpdump: parse error

  tcpdump -w FILE -i eth1 host 192.168.1.7 \(dir src 192.168.1.7\)
  tcpdump: parse error

  tcpdump -w FILE -i eth1 dir src 192.168.1.7
  tcpdump: parse error

I'm running out of ideas.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
Re: [tcpdump-workers] Example of `dir' spec in action..
On Mon, May 06, 2002 at 11:14:07AM -0700, Harry Putnam wrote:
> How does one use the `dir' specifier?

Step 1: read the tcpdump man page using a tool that shows italics as such, or as underlined. :-)

I.e., there is no specifier in libpcap filters using the word dir. dir is italicized in the man page, meaning it's not a word you use literally in filter expressions, it's a variable that refers to, in this case, one of the words src, dst, inbound, and outbound (the latter two of which work only for protocols such as SLIP), as per:

  Idir qualifiers specify a particular transfer direction to and/or
  from Iid. Possible directions are `src', `dst', `src or dst' and
  `src and dst'. E.g., `src foo', `dst net 128.3', `src or dst port
  ftp-data'. If there is no Idir qualifier, `src or dst' is assumed.
  For `null' link layers (i.e. point to point protocols such as slip)
  the `inbound' and `outbound' qualifiers can be used to specify a
  desired direction.

(where Ixxx indicates stuff in italics).

> Can someone provide an example? There are none in man tcpdump.

Well, there are examples in the man page paragraph above, e.g. src foo.

> For example:
> With this command `tcpdump -w FILE -i eth1 host 192.168.1.7'
>
> How would one specify a direction of 192.168.1.7 == DESTINATION only.

If by that you mean that the source of the packet should be 192.168.1.7, and the destination of the packet doesn't matter, then it'd be

  tcpdump -w FILE -i eth0 src host 192.168.1.7

or

  tcpdump -w FILE -i eth0 src 192.168.1.7
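An added illustration, not part of the thread and not libpcap's code: a simplified Python model of how the direction qualifiers listed in the man page excerpt above select packets, run over constructed IPv4 headers. It accepts only the form `[dir] [host] ADDR`; the function names and the peer address 10.0.0.5 are assumptions made for the example.

```python
import ipaddress
import struct

DIRECTIONS = ("src", "dst", "src or dst", "src and dst")  # from the man page excerpt

def ipv4_header(src, dst):
    """Build a minimal 20-byte IPv4 header (constructed sample; checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def parse_host_filter(expr):
    """Parse '[dir] [host] ADDR' into (direction, address); hypothetical helper."""
    tokens = expr.split()
    try:
        addr = ipaddress.IPv4Address(tokens[-1])
    except (IndexError, ValueError):
        raise ValueError("parse error") from None
    words = tokens[:-1]
    if words and words[-1] == "host":
        words = words[:-1]
    # No direction given: the man page says `src or dst' is assumed.
    direction = " ".join(words) or "src or dst"
    if direction not in DIRECTIONS:
        # The literal word `dir' lands here: it is a placeholder, not a keyword.
        raise ValueError("parse error")
    return direction, addr

def matches(expr, packet):
    """Return True if the IPv4 header bytes in `packet` satisfy the filter."""
    direction, addr = parse_host_filter(expr)
    src = ipaddress.IPv4Address(packet[12:16])  # source address field
    dst = ipaddress.IPv4Address(packet[16:20])  # destination address field
    return {
        "src": src == addr,
        "dst": dst == addr,
        "src or dst": addr in (src, dst),
        "src and dst": src == addr and dst == addr,
    }[direction]

if __name__ == "__main__":
    to_host = ipv4_header("10.0.0.5", "192.168.1.7")    # constructed packets
    from_host = ipv4_header("192.168.1.7", "10.0.0.5")
    for expr in ("src host 192.168.1.7", "dst host 192.168.1.7", "host 192.168.1.7"):
        print(expr, "->", matches(expr, to_host), matches(expr, from_host))
```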
Re: [tcpdump-workers] Example of `dir' spec in action..
Guy Harris [EMAIL PROTECTED] writes:

> On Mon, May 06, 2002 at 11:14:07AM -0700, Harry Putnam wrote:
>> How does one use the `dir' specifier?
>
> Step 1: read the tcpdump man page using a tool that shows italics as
> such, or as underlined. :-)

Yikes, neither less nor more do so here. In fact the section that describes how to use the primitive `host' looks suspiciously like the section that tells how to use dir, only `host' *IS* supposed to be inserted literally,

> I.e., there is no specifier in libpcap filters using the word dir. dir
> is italicized in the man page,

Ick.. sorry about the line noise .. and thanks.