Zdravstvujte, matt.
Vy pisali 4 yanvarya 2009 g., 22:23:16:
On Sun, Jan 4, 2009 at 10:56 AM, Eugene Grosbein [1]eu...@kuzbass.ru
wrote:
On Sun, Jan 04, 2009 at 04:05:00PM +0200, KES wrote:
There will be very usefull to have options for tcpdump to monitor
incomint or outgoing traffic regardless of src/dst IPs or ports or
protocol
For example:
kes# tcpdump -n -i rl4 out
EXPECTED: show traffic outgoing on rl4
ACTUAL: tcpdump: syntax error
kes# tcpdump -n -i rl4 in
EXPECTED: show traffic incoming on rl4
ACTUAL: tcpdump: syntax error
Hi!
I use following trick for that:
tcpdump -n -p -i rl4 ether src me-rl4 # for outgoing
tcpdump -n -p -i tl4 not ether src me-rl4 # for incoming
And add MAC-address of rl4 to /etc/ethers with name 'me-rl4'
or just 'me' if you need not watch other interfaces this way.
Eugene Grosbein
___
[2]freebsd-hack...@freebsd.org mailing list
[3]http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to
[4]freebsd-hackers-unsubscr...@freebsd.org
don't even need an option you just have to filter the traffic
correctly using tcpdump which Eugene already point out
tcpdump -n -p -i rl4 ether src me-rl4 # for outgoing
tcpdump -n -p -i tl4 not ether src me-rl4 # for incoming
That will not help
I can not add ether because of this is PPPoE interface.
I can not use 'me' because of I need to view going through traffic. It
is not originated from 'me'.
For example I have mpd5. I set up PPPoE connection with my ISP. (ng0)
I have VPN server for LAN users it also mpd5 (ng1 ng2 ng3 etc)
I do NAT with MPD.
so when I do tcpdump -n -i ng0 I get:
18:52:11.781281 IP 192.168.5.11.2348 95.57.143.109.64350: P
1853247053:1853247057(4) ack 1650009540 win 17080
18:52:11.783777 IP 81.19.80.166.80 192.168.4.5.2839: .
11790:13150(1360) ack 0 win 65535
18:52:11.784218 IP 192.168.4.9.3298 82.144.223.61.80: . ack 21761
win 17680
18:52:11.787732 IP 81.19.80.166.80 192.168.4.5.2839: .
13150:14510(1360) ack 0 win 65535
18:52:11.789122 IP 192.168.5.15.2903 89.178.118.23.16562: .
13601:14961(1360) ack 0 win 16659
18:52:11.790065 IP 192.168.5.15.1386 78.106.215.39.18155: . ack
18981 win 17680
18:52:11.791181 IP 192.168.5.15.1311 79.174.64.193.80: . ack 5441
win 17680
18:52:11.791889 IP 81.19.80.166.80 192.168.4.5.2839: .
14510:15870(1360) ack 0 win 65535
18:52:11.792176 IP 192.168.5.15.4969 87.241.174.129.41954: . ack 18
win 16635
18:52:11.792200 IP 192.168.8.13.1616 217.20.174.228.80: . ack 1361
win65535 nop,nop,sack 1 {4081:6801}
So 'in/out' ouptions will help.
--
S uvazheniem,
KES [5]mailto:kes-...@yandex.ru
References
1. mailto:eu...@kuzbass.ru
2. mailto:freebsd-hackers@freebsd.org
3. http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
4. mailto:freebsd-hackers-unsubscr...@freebsd.org
5. mailto:kes-...@yandex.ru
___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org