tcpdump src 192.168.0.33   <--- Only capture traffic from 192.168.0.33
tcpdump dst 192.168.0.33   <--- Only capture traffic to 192.168.0.33
tcpdump host 192.168.0.33 and udp   <--- Capture all UDP traffic to and from 192.168.0.33
tcpdump src 192.168.0.33 and dst 192.168.0.34 and not icmp
    ^---- Capture all traffic from 192.168.0.33 going to 192.168.0.34 which is not ICMP
Read the full documentation at http://www.tcpdump.org/tcpdump_man.html for
more info. It might take a bit of reading to get through it and understand
it, but once you get the hang of it, it's a very handy thing to know. Let me
know if you need any more help.
Randy Graham
> -----Original Message-----
> From: Daniel Nyström [mailto:[EMAIL PROTECTED]]
> Sent: Monday, July 08, 2002 5:21 AM
> To: [EMAIL PROTECTED]
> Subject: How to use tcpdump
>
>
> Hello..
>
> when I start tcpdump by just issuing
>
> bash# tcpdump
>
> or
>
> bash# tcpdump -i eth1
>
> the packets roll by too fast.. or to specify.. it logs all packets but
> I'm only interested in a few of them. How do I limit the output
> so that only.. let's say.. UDP packets coming from
> 192.168.0.33 are shown?
> Or, let's say I want to see the package that BitchX sends bitchx.com at
> the first startup..?
>
>
> Thanks in advance,
>
> Daniel
>
>
> --
>
>
> /***********************************
> * Daniel Nyström, Telhack 026 Inc. *
> ***********************************/
>
> http://www.SweSec.tk
> http://www.telhack.tk
>
>