On Jul 22, 2004, at 9:10 AM, César Cárdenas wrote:
I am trying:
windump -i 2 'tcp[13]&2==2'
It recognizes the interface but still there doing nothing...
I assume from the "-i 2" that you have more than one interface on your machine. What happens if you try to connect from the machine running WinDump to a machine with an IP address that would cause the first machine to send a packet to the second machine over the interface that "-i 2" refers to, using some TCP-based protocol? Does it print anything?
Note that you might not see any packets from some other machine to some other machine; if that interface is on a switched network, you might only see broadcast packets, multicast packets, and unicast packets to and from your machine, not unicast packets between other machines:
http://www.tcpdump.org/faq.html#promiscsniff
- This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.
