[Dshield] Off topic tcpdump question - please

Patrick Oonk patrick at pine.nl
Fri May 24 20:10:56 GMT 2002


On Fri, May 24, 2002 at 07:20:38PM +0000, Tim Lamberth wrote:
> Could a *nix guru of sorts please tell me the correct syntax to use with 
> tcpdump to dump packets from a specific host on the local network to a file 
> for parsing? 
> 
> TIA 
> 
> Tim Lamberth
> tim at tllabs.net 
> 
> "Every man is a genius until he opens his mouth"
> 

$ tcpdump -s 1500 src host 192.168.0.10 > file

or

$ tcpdump -s 1500 -w file src host 192.168.0.10

In the latter example 'file' can be further processed with tcpdump
later with 

$ tcpdump -s 1500 -r file <some filter expression>

for example

$ tcpdump -s 1500 -r file dst port 1433

see also 'man tcpdump'

	p

-- 
 patrick oonk - pine internet - patrick at pine.nl - www.pine.nl/~patrick
 T:+31-70-3111010 - F:+31-70-3111011 - Read news at http://security.nl 
 PGPid A4E74BBF  fp A7CF 7611 E8C4 7B79 CA36  0BFD 2CB4 7283 A4E7 4BBF
 Note: my NEW PGP key is available at http://www.pine.nl/~patrick/
 Excuse of the day: Small animal kamikaze attack on power
 supplies
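An added example (not part of Patrick's reply or tcpdump itself) for the "parsing" half of the question: a small Python reader for the file that `tcpdump -w` writes, an IPv4/TCP header decoder, and a selector that applies the same `src host` / `dst port` conditions as the `-r` filter above. The sample capture is constructed inline, and the function names (`build_pcap`, `read_pcap`, `parse_ipv4_tcp`, `select`) are mine, not tcpdump's.

```python
import socket
import struct
PCAP_MAGIC = 0xA1B2C3D4  # libpcap magic, written in the capturing host's byte order
LINKTYPE_ETHERNET = 1

def _frame(src_ip, dst_ip, sport, dport):
    # Minimal Ethernet/IPv4/TCP SYN used only as constructed test data (checksums left zero).
    eth = b"\x00" * 12 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp

def build_pcap(frames, snaplen=1500):
    # Same layout `tcpdump -s 1500 -w file` produces: 24-byte global header, then records.
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1022270000 + i, 0, len(f), len(f)) + f
    return out

def read_pcap(data):
    # Yield (timestamp, frame) per record, honouring whichever byte order the file uses.
    endian = "<" if data[:4] == struct.pack("<I", PCAP_MAGIC) else ">"
    if struct.unpack(endian + "I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a pcap file")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield sec + usec / 1e6, data[off:off + incl]
        off += incl

def parse_ipv4_tcp(frame):
    # Return (src_ip, dst_ip, sport, dport) for an IPv4/TCP frame, None for anything else.
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4            # IP options may push the TCP header back
    if len(frame) < 14 + ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), sport, dport

def select(data, src_host=None, dst_port=None):
    # Same selection as `tcpdump -r file src host X and dst port Y`, done in Python.
    return [h for _ts, f in read_pcap(data) if (h := parse_ipv4_tcp(f))
            and src_host in (None, h[0]) and dst_port in (None, h[3])]

SAMPLE = build_pcap([_frame("192.168.0.10", "10.0.0.5", 40000, 1433),
                     _frame("192.168.0.10", "10.0.0.5", 40001, 80),
                     _frame("192.168.0.99", "10.0.0.5", 40002, 1433)])
```

Swap `SAMPLE` for `open("file", "rb").read()` to run the same selection over a real capture written with `-w`.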