On Sat, Apr 21, 2001 at 04:02:42PM +0200, Jean-Christophe JACQUES wrote:
> I recently read an article about tcpdump in Linux France Magazine and I
> try to use the commands which are described. Some of them are not
> accepted, like "tcpdump -X -s 0 dst host 0.0.0.0 and src host O.O.O.1
> and port 110 and tcp" ;-) 

"O.O.O.1" isn't a valid IP address, but "0.0.0.1" is - in that
expression, the "src host" clause has the letter "O" rather than the
digit "0".

If I run the latest tcpdump with that filter, the error message is

        tcpdump: unknown host 'O.O.O.1'

because "O.O.O.1" isn't a valid IP address, so it tries to interpret it
as a host name, instead - and there's no such host.

If, however, I use "0.0.0.1", it works:

% ./tcpdump -X -s 0 dst host 0.0.0.0 and src host 0.0.0.1 and port 110 and tcp
tcpdump: listening on fxp0

> Apparently, it's because I use tcpdump version 3.4 with libpcap version
> 0.5 running on my machine (Mandrake 7.2) and the test was done with
> tcpdump 3.6.1 and libpcap 0.6.1. So, I have downloaded the 3.6.2 and
> 0.6.2 and ./configure/make and make install these versions. Apparently
> It's OK, because I have not any error message. But when I retry the
> command "tcpdump -X -s 0 dst host 0.0.0.0 and src host O.O.O.1 and port
> 110 and tcp", the message is the same : 
> 
> tcpdump version 3.4
> libpcap version 0.5
> Usage: tcpdump [-adeflnNOpqStvx] [-c count] [ -F file ]
>                 [ -i interface ] [ -r file ] [ -s snaplen ]
>                 [ -T type ] [ -w file ] [ expression ]     

However, that's a separate problem.

You aren't running the new tcpdump you've installed - it says "tcpdump
version 3.4", not "tcpdump version 3.6.1".

"make install" probably installed it in "/usr/local/bin"; what happens
if you run

        /usr/local/bin/tcpdump -X -s 0 dst host 0.0.0.0 and src host 0.0.0.1 and port 110 and tcp

Does that work?

If so, what does the command

        echo $PATH

print?
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
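
The PATH check suggested in the reply above, as an added example that is not part of the original thread: it walks a PATH string in search order and lists every copy of a program, so an older binary shadowing a fresh "make install" shows up on the first line. The names find_on_path and demo_shadowing are hypothetical, and the old copy living in /usr/sbin is an assumption (the thread does not say where it is).

```shell
#!/bin/sh
# Added example (not from the original thread).
# find_on_path NAME [PATHSTRING]
# Print every executable file called NAME found on PATHSTRING (default: $PATH),
# one per line, in search order. The first line is the copy the shell runs;
# later lines are shadowed copies. Returns non-zero if nothing is found.
find_on_path() (
    name=$1
    search=${2-$PATH}
    found=1
    IFS=:      # split on ':' only; the subshell body keeps this change local
    set -f     # no glob expansion of PATH elements
    for dir in $search; do
        [ -n "$dir" ] || dir=.   # an empty PATH element means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            found=0
        fi
    done
    exit "$found"
)

# Constructed demo: two fake "tcpdump" scripts in a scratch tree. The old copy
# sits in usr/sbin (assumed location) ahead of the new one in usr/local/bin.
demo_shadowing() (
    root=$(mktemp -d) || exit 1
    trap 'rm -rf "$root"' EXIT
    mkdir -p "$root/usr/sbin" "$root/usr/local/bin"
    printf '#!/bin/sh\necho "tcpdump version 3.4"\n' > "$root/usr/sbin/tcpdump"
    printf '#!/bin/sh\necho "tcpdump version 3.6.2"\n' > "$root/usr/local/bin/tcpdump"
    chmod +x "$root/usr/sbin/tcpdump" "$root/usr/local/bin/tcpdump"
    # Show each candidate (path relative to the scratch root) and what it reports.
    find_on_path tcpdump "$root/usr/sbin:$root/usr/local/bin" |
    while IFS= read -r bin; do
        printf '%s -> %s\n' "${bin#"$root"}" "$("$bin")"
    done
)
```

Call `demo_shadowing` to see the constructed case, or `find_on_path tcpdump` to check the real PATH.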