Although there's a lot that tcpdump filters can't do. To fill that gap is tethereal, the text-mode version of ethereal. It supports all of the tcpdump filters, plus its own "read filters" (i.e., `tethereal -R tcp.flags.syn==1 port 80`, or if you want to get really fun, stuff like `tethereal -R browser.command==0x09` will show all SMB GetBackupList command packets), plus lots of other nifty features.
I think it's cool.

-Joe

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Daniel F. Chief
> Security Engineer -
> Sent: Wednesday, March 13, 2002 3:02 PM
> To: T o F; Netfilter - Mail list
> Subject: Re: Tcpdump
>
>
> you can write tcpdump filters.
>
> like this
>
> tcpdump -n -i eth0 net 192.168.0.0/24
>
> this will only display packets with an IP going to or coming from that
> network.
>
> you can also use src net for source net or dst for destination
> net. there is
> a lot you can do with this. tcpdump filters are almost an art form ; )
>
> let me know if you need any help.
>
>
> On Wednesday 13 March 2002 11:15 am, you wrote:
> > Hi !
> >
> > Is there any tool to dump packets, like tcpdump, but with the netfilters
> > header ? for example to dump only "mark"ed packets, ....
> >
> > Thanks for info,
> >
> > ToF
>
> --
> Chief Security Engineer | Daniel Fairchild [EMAIL PROTECTED]
> Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
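
Added example, not part of the original thread: a small Python model of how the `net`, `src net` and `dst net` forms mentioned above select packets, run over constructed IPv4 headers. The helper names and the sample addresses other than 192.168.0.0/24 are assumptions made for illustration; this is not tcpdump's own code.

```python
import ipaddress
import struct

def build_ipv4_header(src, dst, proto=6):
    """Build a minimal 20-byte IPv4 header (checksum left 0; constructed test data)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20, 0, 0, 64, proto, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )

def parse_addrs(header):
    """Return (src, dst) from a raw IPv4 header, rejecting malformed input."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    src, dst = struct.unpack("!4s4s", header[12:20])
    return ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)

def match_net(header, cidr, direction=None):
    """Model 'net' (direction=None), 'src net' ('src') and 'dst net' ('dst')."""
    net = ipaddress.ip_network(cidr)
    src, dst = parse_addrs(header)
    if direction == "src":
        return src in net
    if direction == "dst":
        return dst in net
    if direction is None:
        return src in net or dst in net
    raise ValueError("direction must be None, 'src' or 'dst'")

# Constructed sample packets (addresses chosen for illustration)
PACKETS = {
    "outbound": build_ipv4_header("192.168.0.10", "203.0.113.5"),
    "inbound": build_ipv4_header("203.0.113.5", "192.168.0.10"),
    "unrelated": build_ipv4_header("10.1.1.1", "203.0.113.5"),
}

def classify(cidr="192.168.0.0/24"):
    """Return which sample packets each filter form would display."""
    return {
        form: sorted(n for n, p in PACKETS.items() if match_net(p, cidr, d))
        for form, d in (("net", None), ("src net", "src"), ("dst net", "dst"))
    }

if __name__ == "__main__":
    for form, names in classify().items():
        print(f"{form} 192.168.0.0/24 -> {names}")
```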