Re: tcpdump in freebsd
It works correct.Thanks for your help. On Thu, Jul 26, 2012 at 2:25 AM, Daniel Hartmeier wrote: > On Thu, Jul 26, 2012 at 08:35:29AM +, m s wrote: > > > hi all. I want to use tcpdump just for input or just for outout > > packet.isthis possible ? if no is there any other command that do > > this? > > If filtering by source MAC (or IP) is not enough, you can patch tcpdump > to hack in '-a in|out' using pcap_setdirection(). > > HTH, > Daniel > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: tcpdump in freebsd
thank you for your help. I will test it On Thu, Jul 26, 2012 at 9:25 AM, Daniel Hartmeier wrote: > On Thu, Jul 26, 2012 at 08:35:29AM +, m s wrote: > > > hi all. I want to use tcpdump just for input or just for outout > > packet.isthis possible ? if no is there any other command that do > > this? > > If filtering by source MAC (or IP) is not enough, you can patch tcpdump > to hack in '-a in|out' using pcap_setdirection(). > > HTH, > Daniel > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: tcpdump in freebsd
On Thu, Jul 26, 2012 at 08:35:29AM +, m s wrote:
> hi all. I want to use tcpdump just for input or just for outout
> packet.isthis possible ? if no is there any other command that do
> this?
If filtering by source MAC (or IP) is not enough, you can patch tcpdump
to hack in '-a in|out' using pcap_setdirection().
HTH,
Daniel
Index: contrib/tcpdump/tcpdump.1
===
RCS file: /home/ncvs/src/contrib/tcpdump/Attic/tcpdump.1,v
retrieving revision 1.19.2.1.8.1
diff -u -r1.19.2.1.8.1 tcpdump.1
--- contrib/tcpdump/tcpdump.1 3 Mar 2012 06:15:13 - 1.19.2.1.8.1
+++ contrib/tcpdump/tcpdump.1 26 Jul 2012 09:16:17 -
@@ -33,6 +33,12 @@
[
.B \-AdDefIKlLnNOpqRStuUvxX
] [
+.B \-a
+.I direction
+]
+.br
+.ti +8
+[
.B \-B
.I buffer_size
] [
@@ -194,6 +200,9 @@
special privileges.
.SH OPTIONS
.TP
+.B \-a
+Print only packets matching \fIdirection\fP, \fBin\fP or \fBout\fP.
+.TP
.B \-A
Print each packet (minus its link level header) in ASCII. Handy for
capturing web pages.
Index: contrib/tcpdump/tcpdump.c
===
RCS file: /home/ncvs/src/contrib/tcpdump/tcpdump.c,v
retrieving revision 1.14.2.1.8.1
diff -u -r1.14.2.1.8.1 tcpdump.c
--- contrib/tcpdump/tcpdump.c 3 Mar 2012 06:15:13 - 1.14.2.1.8.1
+++ contrib/tcpdump/tcpdump.c 26 Jul 2012 09:03:27 -
@@ -295,6 +298,7 @@
}
static pcap_t *pd;
+static pcap_direction_t aflag = PCAP_D_INOUT;
extern int optind;
extern int opterr;
@@ -537,11 +541,16 @@
opterr = 0;
while (
- (op = getopt(argc, argv, "aA" B_FLAG "c:C:d" D_FLAG "eE:fF:G:i:"
I_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:Yz:Z:")) != -1)
+ (op = getopt(argc, argv, "a:A" B_FLAG "c:C:d" D_FLAG "eE:fF:G:i:"
I_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:Yz:Z:")) != -1)
switch (op) {
case 'a':
- /* compatibility for old -a */
+ if (!strcmp(optarg, "in"))
+ aflag = PCAP_D_IN;
+ else if (!strcmp(optarg, "out"))
+ aflag = PCAP_D_OUT;
+ else
+ error("invalid direction %s", optarg);
break;
case 'A':
@@ -1023,6 +1032,12 @@
else if (*ebuf)
warning("%s", ebuf);
#endif /* HAVE_PCAP_CREATE */
+ if (aflag != PCAP_D_INOUT) {
+ status = pcap_setdirection(pd, aflag);
+ if (status != 0)
+ error("%s: pcap_setdirection failed: %s",
+ device, pcap_statustostr(status));
+ }
/*
* Let user own process after socket has been opened.
*/
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: tcpdump in freebsd
tcpdump -ni src host tcpdump -ni not src host ~Paul On Thu, Jul 26, 2012 at 08:35:29AM +, m s wrote: > hi all. I want to use tcpdump just for input or just for outout > packet.isthis possible ? if no is there any other command that do > this? > thanks > ___ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org" This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
tcpdump in freebsd
hi all. I want to use tcpdump just for input or just for outout packet.isthis possible ? if no is there any other command that do this? thanks ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
