[Dshield] Off topic tcpdump question - please

Patrick Oonk patrick at pine.nl
Fri May 24 20:10:56 GMT 2002

On Fri, May 24, 2002 at 07:20:38PM +0000, Tim Lamberth wrote:
> Could a *nix guru of sorts please tell me the correct syntax to use with 
> tcpdump to dump packets from a specific host on the local network to a file 
> for parsing? 
> TIA 
> Tim Lamberth
> tim at tllabs.net 

$ tcpdump -s 1500 src host <host> > file


$ tcpdump -s 1500 -w file src host <host>

In the latter example 'file' can be further processed with tcpdump
later with 

$ tcpdump -s 1500 -r file <some filter expression>

for example

$ tcpdump -s 1500 -r file dst port 1433

see also 'man tcpdump'
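
Added example, not part of the original post: a minimal Python reader for the binary savefile that `-w file` produces, applying rough equivalents of `src host` and `dst port 1433` offline. The function names, the 192.0.2.x addresses and the two-packet capture are constructed for illustration, and only little-endian classic pcap with Ethernet framing is assumed.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap savefile, microsecond timestamps

def build_sample_pcap():
    """Constructed sample: two Ethernet/IPv4/TCP frames sent by 192.0.2.10."""
    def frame(dst_port):
        eth = b"\x00" * 12 + b"\x08\x00"  # zeroed MACs, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
        tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 0x50, 0x02, 0, 0, 0)
        return eth + ip + tcp
    # Global header: magic, version 2.4, zone, sigfigs, snaplen 1500, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 1500, 1)
    for port in (1433, 80):
        pkt = frame(port)
        out += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return out

def read_pcap(data):
    """Yield each captured frame from a little-endian classic pcap byte string."""
    if len(data) < 24 or struct.unpack_from("<I", data)[0] != PCAP_MAGIC:
        raise ValueError("not a pcap savefile (text from '> file' ends up here)")
    if struct.unpack_from("<I", data, 20)[0] != 1:
        raise ValueError("only Ethernet link type handled here")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]  # bytes actually saved
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def matches(frame, src_host=None, dst_port=None):
    """Approximate 'src host X' and 'dst port N' for IPv4 TCP/UDP frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    if src_host is not None and socket.inet_ntoa(frame[26:30]) != src_host:
        return False
    if dst_port is not None:
        l4 = 14 + (frame[14] & 0x0F) * 4  # skip Ethernet and IP header (IHL words)
        if frame[23] not in (6, 17) or len(frame) < l4 + 4:
            return False
        return struct.unpack_from("!H", frame, l4 + 2)[0] == dst_port
    return True

def select(data, **flt):
    """Return the frames in a savefile that pass the given filter."""
    return [f for f in read_pcap(data) if matches(f, **flt)]
```

Text written with `> file` fails the magic-number check, which is why only the `-w` form can be re-read with `-r`.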


