help with tcpdump cmd syntax
freebsd at orchid.homeunix.org
Sat Apr 8 13:19:55 UTC 2006
On 08/04/2006 14:56, fbsd_user wrote:
> I tried
> tcpdump -i rl0 src host 22.214.171.124 -w /usr/tcpdump.data
> tcpdump -i rl0 host 126.96.36.199 -w /usr/tcpdump.data
> tcpdump -i rl0 src ip 188.8.131.52 -w /usr/tcpdump.data
> but got syntax error msg with no hint of what was wrong
> If I remove the -w stuff it works. Meaning it prints to the screen.
> But I want to write to file
> Can you help me out here on the syntax error?
Have a look at 'tcpdump -h' (or man, of course). Expression (i.e. 'src
host 184.108.40.206') is the last argument. This should work:
tcpdump -i rl0 -w /usr/tcpdump.data src host 220.127.116.11
> One other thing. When does tcpdump get access to the packet?
> My firewall has a block log rule for that ip address.
> Does tcpdump see the packet before ipfilter ipnat does?
Yes. I'm not familiar with kernel code, but I can perfectly see all
packets with tcpdump.
Karol Kwiatkowski <freebsd at orchid dot homeunix dot org>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20060408/5a74a782/signature.pgp
More information about the freebsd-questions