On Mon, Feb 11, 2002 at 05:46:01PM -0800, Peter Jay Salzman wrote: > joel, i'm having trouble with tcpdump. can you clear something up for > me? suppose i wanted to look at two (destination) ports at the same > time. this doesn't work: > > tcpdump -i eth0 dst port 25906 && dst port 27950 > > i think the shell is trying to interpret the &&.
I usually use "and", "or", and "not" instead of the symbols so that the shell won't try to interpret them. But are you sure that 'and' is really the logic that you want? Your rule will only match packets which are destined for both ports 25906 AND 27950 (which is impossible). It seems like you should be using "or" so that the rule will match packets destined for either port. > also, is there a way to look at the packet payload? i'm not much > interested in the raw packet themselves. any way to peek at the > contents using tcpdump? I'm not sure about this. I know that -v, -vv, and -vvv print out additional information about each packet, but I haven't really used them much. Ethereal is a pretty useful tool if you want to view the packet contents since it can reconstruct packet sequences. Matt -- ************************************************* * Matt Roper <[EMAIL PROTECTED]> * * http://www.mattrope.com * * PGP Key: http://www.mattrope.com/mattrope.asc * ************************************************* _______________________________________________ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
