Hi Mike

On Sat, Sep 20, 2014, at 03:28 PM, Michael Rash wrote:
> > If I add the PCAP_FILTER, the syntax is all one line, right? E.g.
> >
> > - PCAP_FILTER udp port 62201;
> > + PCAP_FILTER udp port 62201 ip <your preferred ip>;
> >
> > ?
>
> Yes, that should do it. Not at a system right now - you might need "host"
> instead of "ip" (don't remember off the top of my head).

I'm a little unclear about PCAP_FILTER's syntax for multiple criteria.

For starters this definitely works:

    PCAP_INTFC eth0;
    PCAP_FILTER udp port 62201;

Looking to good docs on tcpdump's pcap selector syntax, to filter on both destination IP and port, you'd use

    tcpdump -i eth0 dst 192.168.1.1 and port 62201

In PCAP_FILTER, then, is it the same boolean syntax?

i.e.

    udp port 62201 dst <your preferred ip>;

or

    udp port 62201 and dst <your preferred ip>;

?

Terry

_______________________________________________
Fwknop-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
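One way to check which of the candidate forms libpcap accepts before editing fwknopd.conf, as an added example that is not part of the original message or of fwknop: the script test-compiles each expression with tcpdump -d against a constructed header-only capture file, so it needs neither root nor a live interface. It assumes tcpdump is installed and that the PCAP_FILTER value (minus the trailing ";") is handed to libpcap as written; 192.168.1.1 from the tcpdump command in the message stands in for <your preferred ip>, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: test-compile candidate PCAP_FILTER values with libpcap
# (via tcpdump -d) before putting them in fwknopd.conf.

# Write a constructed, header-only pcap file (Ethernet link type) so that
# tcpdump can compile a filter offline instead of opening eth0.
make_empty_pcap() {
    # magic, version 2.4, thiszone, sigfigs, snaplen 65535, linktype 1
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000' > "$1"
}

# check_filter EXPR: 0 if libpcap accepts EXPR, 1 if it rejects it,
# 2 if tcpdump is not installed or no temp directory could be made.
check_filter() {
    command -v tcpdump >/dev/null 2>&1 || return 2
    _dir=$(mktemp -d) || return 2
    make_empty_pcap "$_dir/empty.pcap"
    # -d compiles the expression, dumps the BPF program and exits.
    if tcpdump -r "$_dir/empty.pcap" -d "$1" >/dev/null 2>&1; then _rc=0; else _rc=1; fi
    rm -rf "$_dir"
    return "$_rc"
}

# Strip the PCAP_FILTER keyword and trailing ";" from a fwknopd.conf line
# (line layout assumed from the config lines quoted in the message).
filter_from_conf_line() {
    printf '%s\n' "$1" |
        sed -e 's/^[[:space:]]*PCAP_FILTER[[:space:]]*//' -e 's/;[[:space:]]*$//'
}

# Candidate lines from the thread, with the placeholder IP filled in.
report() {
    while IFS= read -r line; do
        expr=$(filter_from_conf_line "$line")
        rc=0
        check_filter "$expr" || rc=$?
        case $rc in
            0) echo "accepted: $expr" ;;
            1) echo "rejected: $expr" ;;
            *) echo "tcpdump not available"; return 2 ;;
        esac
    done <<'EOF'
PCAP_FILTER udp port 62201;
PCAP_FILTER udp port 62201 dst 192.168.1.1;
PCAP_FILTER udp port 62201 and dst 192.168.1.1;
PCAP_FILTER udp port 62201 and dst host 192.168.1.1;
EOF
}

report || true
```

A form reported as rejected fails libpcap's parser, which only combines primitives through and, or and not.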
