If you're like me, I've found it is often easier and simpler to just use standard bash pipes & redirection for most tcpdump logging and parsing, etc. tcpdump -i eth1 | grep udp | grep 192.168.0.33 | less (or something to that effect)
>From: Wesley Shields <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: Re: How to use tcpdump
>Date: Mon, 8 Jul 2002 17:00:05 -0400
>
>On Mon, Jul 08, 2002 at 11:21:07AM +0200, Daniel Nyström wrote:
>
> > Hello..
> >
> > when I start tcpdump by just issuing
> >
> > bash# tcpdump
> >
> > or
> >
> > bash# tcpdump -i eth1
> >
> > the packets roll by too fast.. or to specify.. it logs all packets but
> > I'm only interested in a few of them. How do I limit the output
> > so that only.. let's say.. UDP packets coming from 192.168.0.33 are shown?
> > Or, let's say I want to see the package that BitchX sends bitchx.com at
> > the first startup..?
> >
> >
> > Thanks in advance,
> >
> > Daniel
> >
> >
> > --
> >
> >
> > /***********************************
> > * Daniel Nyström, Telhack 026 Inc. *
> > ***********************************/
> >
> > http://www.SweSec.tk
> > http://www.telhack.tk
> >
>
>The short answer to your question is to read the man page; it gives a
>decent description of the bpf filter strings and how you can use them.
>Without going into a lot of detail you probably want to use the host (or
>src or dst) arguments. Example:
>
>tcpdump -i ep0 -e host 192.168.1.1 (this will show all packets to and from
>192.168.1.1 and include layer 2 information).
>
>I often use the -w file to write the output later to a file and then use
>tcpshow to read that file and will often just grep through it. Either way,
>what you are looking for is in the tcpdump man page.
>
>-- WXS
>Wesley Shields
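As an added example (not part of this thread or Wesley's reply), the same advice as a small POSIX shell script: compose the BPF expression from the protocol, direction (src/dst) and host parts, capture to a file with -w so nothing scrolls past, then read it back with -r (here with tcpdump itself rather than tcpshow). The interface eth1 and host 192.168.0.33 come from the question; the capture path /tmp/eth1.pcap and the function names are assumptions.

```shell
#!/bin/sh
# Added illustration, not code from the original thread.
# Assumed: interface eth1, capture file /tmp/eth1.pcap (capturing needs root).

# Build a BPF filter from PROTO, DIRECTION (src/dst or empty) and HOST.
# Example: bpf_filter udp src 192.168.0.33 -> "udp and src host 192.168.0.33"
bpf_filter() {
    proto=$1; dir=$2; host=$3
    expr=""
    [ -n "$proto" ] && expr="$proto"
    if [ -n "$host" ]; then
        [ -n "$expr" ] && expr="$expr and "
        # ${dir:+...} adds "src " / "dst " only when a direction was given
        expr="${expr}${dir:+$dir }host $host"
    fi
    printf '%s\n' "$expr"
}

# Step 1: write raw packets to a file (-w). -n skips DNS lookups and
# -c bounds the capture so it ends on its own.
capture_to_file() {
    iface=$1; out=$2; count=${3:-1000}
    tcpdump -n -i "$iface" -c "$count" -w "$out"
}

# Step 2: read the saved capture (-r) with a filter. The filter can be
# changed and re-run without capturing again; -e adds layer 2 headers.
read_filtered() {
    file=$1; shift
    tcpdump -n -e -r "$file" "$@"
}

# Only touch the network when invoked as: sh script.sh run
if [ "${1:-}" = "run" ]; then
    capture_to_file eth1 /tmp/eth1.pcap 1000
    # UDP packets coming from 192.168.0.33 (the question's first case)
    read_filtered /tmp/eth1.pcap "$(bpf_filter udp src 192.168.0.33)"
    # Packets sent to bitchx.com (the question's second case)
    read_filtered /tmp/eth1.pcap "$(bpf_filter tcp dst bitchx.com)"
fi
```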