Try: tcpdump -i eth0 dst port 25906 '&&' dst port 27950
Single quotes around &&. -Mark On Mon, 11 Feb 2002, Peter Jay Salzman wrote: > joel, i'm having trouble with tcpdump. can you clear something up for > me? suppose i wanted to look at two (destination) ports at the same > time. this doesn't work: > > tcpdump -i eth0 dst port 25906 && dst port 27950 > > i think the shell is trying to interpret the &&. > > satan# tcpdump -i eth0 dst port 25906 && dst port 27950 > tcpdump: listening on eth0 > <ctrl-c> > 0 packets received by filter > 0 packets dropped by kernel > bash: dst: command not found > > i replaced && with "and". i added a "--". tried quoting the whole > argument with ''. nothing seems to be working. how does one go about > "anding" conditions with tcpdump? > > also, is there a way to look at the packet payload? i'm not much > interested in the raw packet themselves. any way to peek at the > contents using tcpdump? > > pete > > > begin Joel Baumert <[EMAIL PROTECTED]> > > If you want a graphical one Ethereal is really nice. I alternate > > between that, tcpdump, and ngrep. Be aware that you may not be > > able to sniff on a switched network unless you are the source or > > destination of the packets. > _______________________________________________ > vox-tech mailing list > [EMAIL PROTECTED] > http://lists.lugod.org/mailman/listinfo/vox-tech > -- Mark K. Kim http://www.cbreak.org/mark/ PGP key available upon request. _______________________________________________ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
