> Interesting. In that case, what does "tcp port !22" do?
Exercises a not-all-that-clearly-documented part of the libpcap grammar;
from the tcpdump man page:
Primitives may be combined using:
A parenthesized group of primitives and operators
(parentheses are special to the Shell and must be
escaped).
Negation (`!' or `not').
Concatenation (`&&' or `and').
Alternation (`||' or `or').
Negation has highest precedence. Alternation and con-
catenation have equal precedence and associate left to
right. Note that explicit and tokens, not juxtaposi-
tion, are now required for concatenation.
If an identifier is given without a keyword, the most
recent keyword is assumed. For example,
not host vs and ace
is short for
not host vs and host ace
which should not be confused with
not ( host vs or ace )
The grammar rules that let you do
host vs and ace
rather than
host vs and host ace
also let you do
host not vs
and the same applies to "port".
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
