begin Matt Roper <[EMAIL PROTECTED]> > On Mon, Feb 11, 2002 at 05:46:01PM -0800, Peter Jay Salzman wrote: > > joel, i'm having trouble with tcpdump. can you clear something up for > > me? suppose i wanted to look at two (destination) ports at the same > > time. this doesn't work: > > > > tcpdump -i eth0 dst port 25906 && dst port 27950 > > > > i think the shell is trying to interpret the &&. > > I usually use "and", "or", and "not" instead of the symbols so that the > shell won't try to interpret them. > > But are you sure that 'and' is really the logic that you want? Your > rule will only match packets which are destined for both ports 25906 AND > 27950 (which is impossible). It seems like you should be using "or" so > that the rule will match packets destined for either port. *blush*
> > also, is there a way to look at the packet payload? i'm not much > > interested in the raw packet themselves. any way to peek at the > > contents using tcpdump? > > I'm not sure about this. I know that -v, -vv, and -vvv print out > additional information about each packet, but I haven't really used them > much. Ethereal is a pretty useful tool if you want to view the packet > contents since it can reconstruct packet sequences. ok, i was leaning towards tcpdump because i "kind of sort of" know how to use it. when i can get from underneath the stack of papers i'm grading right now, i'll make a concerted effort to learn ethereal. when joel posted the info, i installed it via apt-get. will get a chance sometime this week. thanks for pointing out my embarrasing mistake! :-) i was wondering why i got no output. pete _______________________________________________ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
