You can try "tcpdump -i eth1 -F filterfile" I am pretty sure this will read the arguments stuff from the filter file and go around the helpful shell.
If you want to look at the actual data add the "x" option... tcpdump -xi eth1 host 10.10.6.103 Also sometimes I see a delay as the name server times out for the reverse lookup... To get around this add the n option. tcpdump -nxi eth1 host 10.10.6.103 I know you like the command line, but give some serious consideration to running Ethereal. It allows you to visually drill down on the packet and highlights the portions of the payload for a selected field in a protocol. It also lets you follow a stream so, for example you could follow a telnet stream and see what went back and forth between each side in text... It was _really_ useful when I debug HTTP or other high level protocols. Joel On Mon, Feb 11, 2002 at 05:46:01PM -0800, Peter Jay Salzman wrote: > joel, i'm having trouble with tcpdump. can you clear something up for > me? suppose i wanted to look at two (destination) ports at the same > time. this doesn't work: > > tcpdump -i eth0 dst port 25906 && dst port 27950 > > i think the shell is trying to interpret the &&. > > satan# tcpdump -i eth0 dst port 25906 && dst port 27950 > tcpdump: listening on eth0 > <ctrl-c> > 0 packets received by filter > 0 packets dropped by kernel > bash: dst: command not found > > i replaced && with "and". i added a "--". tried quoting the whole > argument with ''. nothing seems to be working. how does one go about > "anding" conditions with tcpdump? > > also, is there a way to look at the packet payload? i'm not much > interested in the raw packet themselves. any way to peek at the > contents using tcpdump? > > pete > > > begin Joel Baumert <[EMAIL PROTECTED]> > > If you want a graphical one Ethereal is really nice. I alternate > > between that, tcpdump, and ngrep. Be aware that you may not be > > able to sniff on a switched network unless you are the source or > > destination of the packets. _______________________________________________ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
