You should do

tcpdump -w tcpdump.txt

to grab the TCP traffic and dump the raw data.
Now to read it you can do

tcpdump -r tcpdump.txt

to read it (the -r is the only way to read this file).
Now when you do a tcpdump with a -w, you can later on go and modify the
output on the file with other options for tcpdump (-N, -X), or you can even
output this file to Ethereal for viewing the traffic.

Rob

----- Original Message -----
From: "Frederic Baert Cen-IT" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, July 09, 2002 8:53 AM
Subject: RE: How to use tcpdump


And what about piping that to a file for viewing at your leisure?
| filename

fred

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 09 July 2002 07:56
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: How to use tcpdump


Hi Daniel,

try this:

# tcpdump -i eth1 host 192.168.0.33


Use the following:

host        Specifies an IP address
port        Specifies a port number

There should be a help function.

PS: Are you using a Nokia IP530 device?





From: Daniel Nyström <exce@netwinder.nu>
Sent: 08/07/2002 10:21
Please respond to exce
To: [EMAIL PROTECTED]
cc:
Subject: How to use tcpdump

Hello..

when I start tcpdump by just issuing

bash# tcpdump

or

bash# tcpdump -i eth1

the packets roll by too fast.. or to specify.. it logs all packets but
I'm only interested in a few of them. How do I limit the output
so that only.. let's say.. UDP packets coming from 192.168.0.33 are shown?
Or, let's say I want to see the package that BitchX sends bitchx.com at
the first startup..?


Thanks in advance,

                         Daniel


--


/***********************************
* Daniel Nyström, Telhack 026 Inc. *
***********************************/

http://www.SweSec.tk
http://www.telhack.tk
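
Added example, not part of the original thread: a Python reader showing what the filter `udp and src host 192.168.0.33` (the case Daniel asks about) selects when applied to a capture saved with -w, as Rob describes. The pcap bytes are constructed sample data and the function names are made up for this example; it assumes a little-endian Ethernet capture carrying IPv4.

```python
import socket
import struct

def _frame(proto, src, dst, sport, dport):
    """Constructed Ethernet/IPv4 frame; checksums and MAC addresses are left zero."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 4    # ports, then 4 zero bytes
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4             # EtherType 0x0800 = IPv4

def build_sample_pcap():
    """Constructed capture file: three packets, only the first should match."""
    frames = [_frame(17, "192.168.0.33", "192.168.0.1", 1025, 53),  # UDP from .33
              _frame(6, "192.168.0.33", "192.168.0.1", 1026, 80),   # TCP from .33
              _frame(17, "192.168.0.44", "192.168.0.1", 1027, 53)]  # UDP, other host
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f       # record header
    return out

def udp_from(pcap, src_host):
    """Return (src, sport, dst, dport) for packets matching 'udp and src host X'."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian pcap file")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        pkt = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":      # short frame or not IPv4
            continue
        ihl = (pkt[14] & 0x0F) * 4                           # IPv4 header length
        if pkt[23] != 17 or socket.inet_ntoa(pkt[26:30]) != src_host:
            continue                                         # not UDP, or other source
        if len(pkt) < 14 + ihl + 4:                          # cut off before the ports
            continue
        sport, dport = struct.unpack_from("!HH", pkt, 14 + ihl)
        hits.append((src_host, sport, socket.inet_ntoa(pkt[30:34]), dport))
    return hits

if __name__ == "__main__":
    for hit in udp_from(build_sample_pcap(), "192.168.0.33"):
        print("%s.%d > %s.%d: UDP" % hit)
```

With tcpdump itself, the same selection on a saved file is `tcpdump -r tcpdump.txt udp and src host 192.168.0.33`.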





