Bob,
> Besides, tcpdump's man pages, is there another reference with
> more examples for building filter.
>
> For example, filter these packets, for these protocols, but
> not for these
> IP addresses unless it for this particular protocol.
You mean something like this?
(
not (net 192.168.5.0 mask 255.255.255.0) # exclude this network
and
(udp port 161 or tcp port 80 or icmp) # only get the
interesting protocols
) or (
(net 192.168.5.0 mask 255.255.255.0) # unless this network
and
udp port 162 # is sending us SNMP Traps.
)
Which on one line looks like this:
(not(net 192.168.5.0 mask 255.255.255.0) and (udp port 161 or tcp port 80 or
icmp)) or ((net 192.168.5.0 mask 255.255.255.0) and udp port 162)
Alistair
-----------------------------------------------------------------------
Registered Office:
Marks & Spencer p.l.c
Michael House, Baker Street,
London, W1U 8EP
Registered No. 214436 in England and Wales.
Telephone (020) 7935 4422
Facsimile (020) 7487 2670
www.marksandspencer.com
Please note that electronic mail may be monitored.
This e-mail is confidential. If you received it by mistake, please let us know and
then delete it from your system; you should not copy, disclose, or distribute its
contents to anyone nor act in reliance on this e-mail, as this is prohibited and may
be unlawful.
The registered office of Marks and Spencer Financial Services PLC, Marks and Spencer
Unit Trust Management Limited, Marks and Spencer Life Assurance Limited and Marks and
Spencer Savings and Investments Limited is Kings Meadow, Chester, CH99 9FB.
