Daniel,
Here is a tcpdump pocket reference guide from www.sans.org that you might find particularly useful.

http://www.sans.org/newlook/resources/tcpip.pdf

Hope that helps.

regards,
Jordan

-----Original Message-----
From: Daniel Nyström [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 08, 2002 2:21 AM
To: [EMAIL PROTECTED]
Subject: How to use tcpdump

Hello..

when I start tcpdump by just issuing

bash# tcpdump
or
bash# tcpdump -i eth1

the packets roll by too fast.. or to specify.. it logs all packets but I'm only interested in a few of them.

How do I limit the output so that only.. let's say.. UDP packets coming from 192.168.0.33 are shown? Or, let's say I want to see the package that BitchX sends bitchx.com at the first startup..?

Thanks in advance,
Daniel

--
/***********************************
* Daniel Nyström, Telhack 026 Inc. *
***********************************/
http://www.SweSec.tk
http://www.telhack.tk
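For the two cases in the question above, an added example that is not part of either message: tcpdump takes a filter expression after its options, and the helpers below build one for each case. The function names are hypothetical; eth1, 192.168.0.33 and bitchx.com come from the question.

```shell
#!/bin/sh
# Added example: capture filters for the two cases in the question.
# Helper names are hypothetical; interface and hosts are the question's.

# Accept only characters found in hostnames and IP addresses, so a value
# such as "1.2.3.4 or tcp" cannot widen the filter it is pasted into.
valid_host() {
    case $1 in
        ''|*[!A-Za-z0-9.:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# udp_from HOST: only UDP packets whose source address is HOST
udp_from() {
    valid_host "$1" || { echo "bad host: $1" >&2; return 1; }
    printf 'udp and src host %s\n' "$1"
}

# traffic_with HOST: every packet to or from HOST, any protocol
traffic_with() {
    valid_host "$1" || { echo "bad host: $1" >&2; return 1; }
    printf 'host %s\n' "$1"
}

# capture IFACE FILTER [COUNT]: run tcpdump with the filter (needs root).
#   -n  print addresses as numbers instead of looking up names
#   -i  interface to listen on
#   -c  stop after COUNT packets, so the output cannot scroll away
capture() {
    iface=$1; filter=$2; count=${3:-0}
    if [ "$count" -gt 0 ]; then
        tcpdump -n -i "$iface" -c "$count" "$filter"
    else
        tcpdump -n -i "$iface" "$filter"
    fi
}

# Usage, matching the question:
#   capture eth1 "$(udp_from 192.168.0.33)"
#   capture eth1 "$(traffic_with bitchx.com)" 20
```

Start the second capture before launching the client so the first packets it sends are caught.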