Re: tcpdump filter for out/in traffic
Daniel O'Connor docon...@gsoft.com.au writes:

> I think it's more a question for the tcpdump maintainers.

tcpdump does not parse the filter expression, it just passes it along to libpcap.

DES
--
Dag-Erling Smørgrav - d...@des.no

___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org

Re: tcpdump filter for out/in traffic
On Sun, Jan 04, 2009 at 04:05:00PM +0200, KES wrote:

> It will be very useful to have options for tcpdump to monitor incoming or outgoing traffic
> regardless of src/dst IPs or ports or protocol
>
> For example:
> kes# tcpdump -n -i rl4 out
> EXPECTED: show traffic outgoing on rl4
> ACTUAL: tcpdump: syntax error
>
> kes# tcpdump -n -i rl4 in
> EXPECTED: show traffic incoming on rl4
> ACTUAL: tcpdump: syntax error

Hi!

I use the following trick for that:

tcpdump -n -p -i rl4 ether src me-rl4 # for outgoing
tcpdump -n -p -i rl4 not ether src me-rl4 # for incoming

And add the MAC address of rl4 to /etc/ethers with name 'me-rl4'
or just 'me' if you need not watch other interfaces this way.

Eugene Grosbein

Re: tcpdump filter for out/in traffic
On Sun, Jan 4, 2009 at 10:56 AM, Eugene Grosbein eu...@kuzbass.ru wrote:

> On Sun, Jan 04, 2009 at 04:05:00PM +0200, KES wrote:
>
> > It will be very useful to have options for tcpdump to monitor incoming or outgoing traffic
> > regardless of src/dst IPs or ports or protocol
> >
> > For example:
> > kes# tcpdump -n -i rl4 out
> > EXPECTED: show traffic outgoing on rl4
> > ACTUAL: tcpdump: syntax error
> >
> > kes# tcpdump -n -i rl4 in
> > EXPECTED: show traffic incoming on rl4
> > ACTUAL: tcpdump: syntax error
>
> Hi!
>
> I use the following trick for that:
>
> tcpdump -n -p -i rl4 ether src me-rl4 # for outgoing
> tcpdump -n -p -i rl4 not ether src me-rl4 # for incoming
>
> And add the MAC address of rl4 to /etc/ethers with name 'me-rl4'
> or just 'me' if you need not watch other interfaces this way.
>
> Eugene Grosbein

Don't even need an option; you just have to filter the traffic correctly using tcpdump, which Eugene already pointed out.

Re: tcpdump filter for out/in traffic
On Monday 05 January 2009 02:26:38 Eugene Grosbein wrote:

> On Sun, Jan 04, 2009 at 04:05:00PM +0200, KES wrote:
>
> > It will be very useful to have options for tcpdump to monitor incoming or outgoing traffic
> > regardless of src/dst IPs or ports or protocol
> >
> > For example:
> > kes# tcpdump -n -i rl4 out
> > EXPECTED: show traffic outgoing on rl4
> > ACTUAL: tcpdump: syntax error
> >
> > kes# tcpdump -n -i rl4 in
> > EXPECTED: show traffic incoming on rl4
> > ACTUAL: tcpdump: syntax error
>
> Hi!
>
> I use the following trick for that:
>
> tcpdump -n -p -i rl4 ether src me-rl4 # for outgoing
> tcpdump -n -p -i rl4 not ether src me-rl4 # for incoming
>
> And add the MAC address of rl4 to /etc/ethers with name 'me-rl4'
> or just 'me' if you need not watch other interfaces this way.

I think it's more a question for the tcpdump maintainers.

Also, in and out don't necessarily mean traffic from your MAC address or the inverse.

E.g. if you are running a bridge then in and out will mean something different.

--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
The nice thing about standards is that there
are so many of them to choose from.
 -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
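
Added example, not part of the original thread: a shell version of the MAC-based trick from Eugene Grosbein's message that reads the interface's MAC from ifconfig-style output instead of /etc/ethers and builds the two filter expressions. The function names and the sample ifconfig text (including its MAC and IP address) are constructed for illustration; as Daniel O'Connor's message notes, this classification does not hold on a bridge.

```shell
#!/bin/sh
# Added example: build "in"/"out" pcap filters from an interface's MAC address.

# Constructed sample of `ifconfig rl4` output (FreeBSD layout); values are made up.
SAMPLE_IFCONFIG='rl4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 00:11:22:AA:BB:CC
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
        status: active'

# Extract the first "ether" address from ifconfig-style text on stdin.
mac_from_ifconfig() {
    awk '$1 == "ether" { print tolower($2); exit }'
}

# Succeed only for six colon-separated hex octets, so nothing else
# can be spliced into the filter expression handed to tcpdump.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# Print the pcap filter for direction "out" or "in" relative to MAC $2.
# "in" is everything not sourced from our MAC, so on a bridge forwarded
# frames (which keep other hosts' source MACs) are all reported as "in".
direction_filter() {
    valid_mac "$2" || { echo "bad MAC: $2" >&2; return 1; }
    case "$1" in
        out) printf 'ether src %s\n' "$2" ;;
        in)  printf 'not ether src %s\n' "$2" ;;
        *)   echo "direction must be in or out" >&2; return 1 ;;
    esac
}

# Demo on the constructed sample. On a live host the MAC would come from:
#   ifconfig rl4 | mac_from_ifconfig
mac=$(printf '%s\n' "$SAMPLE_IFCONFIG" | mac_from_ifconfig)
echo "outgoing: tcpdump -n -p -i rl4 $(direction_filter out "$mac")"
echo "incoming: tcpdump -n -p -i rl4 $(direction_filter in "$mac")"
```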