On Monday 05 January 2009 02:26:38 Eugene Grosbein wrote:
> On Sun, Jan 04, 2009 at 04:05:00PM +0200, KES wrote:
> > It would be very useful to have options for tcpdump to monitor
> > incoming or outgoing traffic regardless of src/dst IPs or ports or
> > protocol
> >
> > For example:
> >
> > kes# tcpdump -n -i rl4 out
> > EXPECTED: show traffic outgoing on rl4
> > ACTUAL: tcpdump: syntax error
> >
> > kes# tcpdump -n -i rl4 in
> > EXPECTED: show traffic incoming on rl4
> > ACTUAL: tcpdump: syntax error
>
> Hi!
>
> I use the following trick for that:
>
> tcpdump -n -p -i rl4 ether src me-rl4 # for outgoing
> tcpdump -n -p -i rl4 not ether src me-rl4 # for incoming
>
> And add MAC-address of rl4 to /etc/ethers with name 'me-rl4'
> or just 'me' if you need not watch other interfaces this way.

I think it's more a question for the tcpdump maintainers.

Also, in & out don't necessarily mean traffic from your MAC address or
the inverse. E.g. if you are running a bridge then in & out will mean
something different.

-- 
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
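
Added example, not part of the original thread: a small model of the `ether src` trick that classifies constructed Ethernet frames by source MAC and shows the bridge case raised in the reply, where a forwarded frame leaves the interface with another host's source MAC. All MAC addresses and frames are constructed sample data; the function names are hypothetical.

```python
import struct

def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes(int(part, 16) for part in text.split(":"))

def frame(dst, src, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a minimal Ethernet II frame (constructed test data)."""
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload

def guess_direction(raw, my_mac):
    """Mimic `ether src me` (out) versus `not ether src me` (in)."""
    if len(raw) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    src = raw[6:12]  # bytes 0-5 are the destination, 6-11 the source
    return "out" if src == mac(my_mac) else "in"

# Constructed, locally administered addresses (assumptions for the example).
ME = "02:00:00:00:00:01"      # MAC of the capturing interface
HOST_A = "02:00:00:00:00:0a"
HOST_B = "02:00:00:00:00:0b"

# (true direction on the interface, frame)
SAMPLES = [
    ("out", frame(HOST_A, ME)),                  # originated by this host
    ("in", frame(ME, HOST_A)),                   # addressed to this host
    ("in", frame("ff:ff:ff:ff:ff:ff", HOST_A)),  # broadcast from a neighbour
    # Bridge: a frame from B forwarded out of this interface keeps B's
    # source MAC, so the MAC-based filter reports it as incoming.
    ("out", frame(HOST_A, HOST_B)),
]

def misclassified(samples, my_mac):
    """Return (index, true direction, guessed direction) for each mismatch."""
    result = []
    for index, (truth, raw) in enumerate(samples):
        guess = guess_direction(raw, my_mac)
        if guess != truth:
            result.append((index, truth, guess))
    return result

if __name__ == "__main__":
    for index, truth, guess in misclassified(SAMPLES, ME):
        print(f"frame {index}: really {truth}, filter says {guess}")
```
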