> I am trying to filter tcpdump based on dest ports.
> My syntax is tcpdump dst port XXXX and port XXXX,  although it reports it is
> listening it reports no packets (but when only one port is entered it is
> fine).

"dst port XXX and port YYY" will match packets sent to port XXX from
port YYY.  It will *not* match packets sent to port YYY from port XXX.

("dst port XXX and dst port YYY" will, of course, match absolutely
nothing unless XXX and YYY are the same, but that's not the filter you
mentioned.)

What packets are you trying to select?  Packets sent to port XXX *or* to
port YYY?  If so, that's

        dst port XXX or dst port YYY

> Also is it possible to have tcpdump report the originating TCP address
> rather than its resolved one??

"originating" and "resolved" in what sense?

I think of "originating" as meaning "source", i.e.  a packet from
192.18.97.241 to 207.46.230.218 would have 192.18.97.241 as its
originating IP address.

I think of "resolved" as meaning "resolved using DNS", i.e. if you
resolve 192.18.97.241 you get "www.sun.com".

So, given those meanings of "originating" and "resolved", they're not
antonyms - you can get a resolved originating IP address.

If you mean you want an IP address rather than a name, use the "-n" flag
to tcpdump.

If you mean you want the source IP address rather than the destination
IP address, tcpdump gives you both of them, so there's no "rather than"
involved.
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
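The filter semantics discussed in the reply above, as an added example that is not part of the original message or of libpcap: a small Python model of the `[src|dst] port N` primitives combined with `and`/`or`, run over constructed packets. Ports 80 and 443 stand in for XXX and YYY, and the `Pkt`, `parse`, `matches` and `selected` names are hypothetical.

```python
# Added example: a small model of pcap-filter port primitives, not libpcap code.
from typing import NamedTuple

class Pkt(NamedTuple):
    sport: int
    dport: int

def parse(expr):
    """Split '[src|dst] port N' primitives joined by and/or into a flat list."""
    toks, out, i = expr.split(), [], 0
    while i < len(toks):
        direction = "any"                      # bare "port N": source or destination
        if toks[i] in ("src", "dst"):
            direction, i = toks[i], i + 1
        if i + 1 >= len(toks) or toks[i] != "port":
            raise ValueError("expected 'port N'")
        out.append((direction, int(toks[i + 1])))
        i += 2
        if i < len(toks):
            if toks[i] not in ("and", "or") or i + 1 == len(toks):
                raise ValueError("expected 'and' or 'or' followed by a primitive")
            out.append(toks[i])
            i += 1
    if not out:
        raise ValueError("empty filter")
    return out

def prim_match(prim, pkt):
    direction, port = prim
    if direction == "src":
        return pkt.sport == port
    if direction == "dst":
        return pkt.dport == port
    return port in (pkt.sport, pkt.dport)

def matches(expr, pkt):
    # pcap-filter gives "and" and "or" equal precedence, evaluated left to right.
    items = parse(expr)
    result = prim_match(items[0], pkt)
    for op, prim in zip(items[1::2], items[2::2]):
        rhs = prim_match(prim, pkt)
        result = (result and rhs) if op == "and" else (result or rhs)
    return result

# Constructed sample packets: (source port, destination port).
PACKETS = [Pkt(40000, 80), Pkt(40001, 443), Pkt(443, 80), Pkt(80, 443)]

def selected(expr):
    return [p for p in PACKETS if matches(expr, p)]
```

Calling `selected("dst port 80 and port 443")` returns only the packet from port 443 to port 80, while `selected("dst port 80 or dst port 443")` returns all four sample packets.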