On Thu, 2002-04-11 at 21:39, Volker Kuhlmann wrote:
> Gurus,
Er, that would be a Greatly Undervalued Resource for UNIX ? :)
> how can I capture the data which goes over a net connection and meets a
> simple criterion of (remote-ip:port)?
>
> Yes I know of tcpdump and ethereal, but I don't find either easy to
> use, and more to the point, both produce copious amounts of tcp data
> (SYN bits, mac addresses, tcp-ack packets, etc bla bla) which I don't
> want to know of.
>
> Say I want to have the data (data only) which goes between my host and a
> remote:21 (i.e. ftp control channel) dumped into a file. Or, right now
The man page for tcpdump .... <paste>
    expression
        selects which packets will be dumped. If no expression is
        given, all packets on the net will be dumped. Otherwise, only
        packets for which expression is `true' will be dumped.

        The expression consists of one or more primitives. Primitives
        usually consist of an id (name or number) preceded by one or
        more qualifiers. There are three different kinds of qualifier:

        type    qualifiers say what kind of thing the id name or number
                refers to. Possible types are host, net and port. E.g.,
                `host foo', `net 128.3', `port 20'. If there is no type
                qualifier, host is assumed.
<looks lousy in this mailer, still it's readable>
Cheers, Rex
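
An added example, not part of Rex's reply or of the man page text above: the host and port primitives combined into one expression for a single remote ip:port, with a length test so that only IPv4 TCP segments carrying payload match (bare SYN, FIN and ACK segments are skipped). The function names payload_filter and capture_payload are hypothetical, and the arguments are assumed to be an IPv4 address, a port number and an output file.

```shell
#!/bin/sh
# Added example: build a tcpdump filter for one remote ip:port that matches
# only TCP segments with payload, then capture with it.

# payload_filter REMOTE_IP PORT -> prints the filter expression, or returns 1.
payload_filter() {
    ip=$1 port=$2
    # Allow only digits and single dots in the address, and only digits in
    # the port, so nothing else can be spliced into the expression.
    case $ip in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    case $port in
        *[!0-9]*|'') return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    # ip[2:2]            = IPv4 total length
    # (ip[0]&0xf)<<2     = IPv4 header length in bytes
    # (tcp[12]&0xf0)>>2  = TCP header length in bytes
    # total - both headers != 0 means the segment carries data.
    printf '%s' "host $ip and tcp port $port and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)"
}

# capture_payload REMOTE_IP PORT OUTFILE
# -n: no name lookups, -q: short protocol summary, -A: print packet
# contents as ASCII, -s 0: do not truncate packets. Needs capture rights.
capture_payload() {
    filter=$(payload_filter "$1" "$2") || { echo "bad ip or port" >&2; return 1; }
    tcpdump -n -q -A -s 0 "$filter" > "$3"
}
```

For the FTP control channel in the question, the port argument is 21; stop the capture with Ctrl-C.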