Hello, matt.

   You wrote on January 4, 2009, 22:23:16:

   >

   On Sun, Jan 4, 2009 at 10:56 AM, Eugene Grosbein <[1]eu...@kuzbass.ru>
   wrote:

   On Sun, Jan 04, 2009 at 04:05:00PM +0200, KES wrote:

   > It would be very useful to have options for tcpdump to monitor

   > incoming or outgoing traffic regardless of src/dst IPs or ports or
   protocol

   >

   > For example:

   >

   > kes# tcpdump -n -i rl4 out

   > EXPECTED: show traffic outgoing on rl4

   > ACTUAL: tcpdump: syntax error

   >

   > kes# tcpdump -n -i rl4 in

   > EXPECTED: show traffic incoming on rl4

   > ACTUAL: tcpdump: syntax error

   Hi!

   I use the following trick for that:

   tcpdump -n -p -i rl4 ether src me-rl4     # for outgoing

   tcpdump -n -p -i tl4 not ether src me-rl4 # for incoming

   And add MAC-address of rl4 to /etc/ethers with name 'me-rl4'

   or just 'me' if you need not watch other interfaces this way.

   Eugene Grosbein

   _______________________________________________

   [2]freebsd-hack...@freebsd.org mailing list

   [3]http://lists.freebsd.org/mailman/listinfo/freebsd-hackers

   To unsubscribe, send any mail to
   "[4]freebsd-hackers-unsubscr...@freebsd.org"

   You don't even need an option; you just have to filter the traffic
   correctly using tcpdump, which Eugene already pointed out

   >tcpdump -n -p -i rl4 ether src me-rl4     # for outgoing

   >tcpdump -n -p -i tl4 not ether src me-rl4 # for incoming

   That will not help.

   I cannot add ether because this is a PPPoE interface.

   I cannot use 'me' because I need to view traffic going through. It
   is not originated from 'me'.

   For example, I have mpd5. I set up a PPPoE connection with my ISP (ng0).

   I have a VPN server for LAN users; it is also mpd5 (ng1 ng2 ng3 .... etc)

   I do NAT with MPD.

   So when I do tcpdump -n -i ng0 I get:

   18:52:11.781281 IP  192.168.5.11.2348 > 95.57.143.109.64350: P
   1853247053:1853247057(4) ack 1650009540 win 17080

   18:52:11.783777 IP 81.19.80.166.80 > 192.168.4.5.2839: .
   11790:13150(1360) ack 0 win 65535

   18:52:11.784218 IP 192.168.4.9.3298 > 82.144.223.61.80: . ack 21761
   win 17680

   18:52:11.787732 IP 81.19.80.166.80 > 192.168.4.5.2839: .
   13150:14510(1360) ack 0 win 65535

   18:52:11.789122 IP 192.168.5.15.2903 > 89.178.118.23.16562: .
   13601:14961(1360) ack 0 win 16659

   18:52:11.790065 IP 192.168.5.15.1386 > 78.106.215.39.18155: . ack
   18981 win 17680

   18:52:11.791181 IP 192.168.5.15.1311 > 79.174.64.193.80: . ack 5441
   win 17680

   18:52:11.791889 IP 81.19.80.166.80 > 192.168.4.5.2839: .
   14510:15870(1360) ack 0 win 65535

   18:52:11.792176 IP 192.168.5.15.4969 > 87.241.174.129.41954: . ack 18
   win 16635

   18:52:11.792200 IP 192.168.8.13.1616 > 217.20.174.228.80: . ack 1361
   win65535 <nop,nop,sack 1 {4081:6801}>

   So 'in/out' options will help.

   --

   Best regards,

    KES                          [5]mailto:kes-...@yandex.ru

References

   1. mailto:eu...@kuzbass.ru
   2. mailto:freebsd-hackers@freebsd.org
   3. http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
   4. mailto:freebsd-hackers-unsubscr...@freebsd.org
   5. mailto:kes-...@yandex.ru
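
An added example, not part of the original thread: on the ng0 capture above the MAC trick has nothing to match, but direction can be inferred from addresses, assuming (as the capture suggests) that all LAN clients sit in 192.168.0.0/16 and appear un-NATed on ng0. The function names and the sample lines are constructed for illustration; the equivalent live filters are `src net 192.168.0.0/16` (outgoing) and `dst net 192.168.0.0/16` (incoming).

```shell
#!/bin/sh
# Added example: label tcpdump text output as "out" or "in" by address.
# Assumption: LAN clients live in 192.168.0.0/16 and are visible un-NATed
# on the capture interface, as in the ng0 output quoted in the thread.
LAN_PREFIX='192.168.'

# classify_direction: reads "tcpdump -n" lines on stdin, prints
# "<out|in|local|transit> <src> > <dst>" for every IP line.
classify_direction() {
    awk -v lan="$LAN_PREFIX" '
        $2 == "IP" && $4 == ">" {
            src = $3; dst = $5
            sub(/:$/, "", dst)                 # drop trailing colon
            s = (index(src, lan) == 1)         # source inside LAN?
            d = (index(dst, lan) == 1)         # destination inside LAN?
            if (s && !d)      dir = "out"
            else if (!s && d) dir = "in"
            else if (s && d)  dir = "local"
            else              dir = "transit"
            print dir, src, ">", dst
        }'
}

# count_direction DIR: how many classified lines on stdin carry label DIR.
count_direction() {
    classify_direction | awk -v want="$1" '$1 == want { n++ } END { print n + 0 }'
}

# Constructed sample, shortened from the capture in the message above.
sample_capture() {
    cat <<'EOF'
18:52:11.781281 IP 192.168.5.11.2348 > 95.57.143.109.64350: P 1853247053:1853247057(4) ack 1650009540 win 17080
18:52:11.783777 IP 81.19.80.166.80 > 192.168.4.5.2839: . 11790:13150(1360) ack 0 win 65535
18:52:11.784218 IP 192.168.4.9.3298 > 82.144.223.61.80: . ack 21761 win 17680
18:52:11.787732 IP 81.19.80.166.80 > 192.168.4.5.2839: . 13150:14510(1360) ack 0 win 65535
EOF
}

sample_capture | classify_direction
```

Newer tcpdump releases also accept `-Q in` / `-Q out` (`--direction`) on platforms that support it, which covers the request without address-based inference.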