[Dshield] Off topic tcpdump question - please

Mark Rowlands mark.rowlands at minmail.net
Fri May 24 20:16:20 GMT 2002


On Friday 24 May 2002 9:20 pm, Tim Lamberth wrote:
> Could a *nix guru of sorts please tell me the correct syntax to use with
> tcpdump to dump packets from a specific host on the local network to a file
> for parsing?
>
> TIA
>
> Tim Lamberth
> tim at tllabs.net
>
> "Every man is a genius until he opens his mouth"

define parsing in this context ;-)

tcpdump -i interface -w somefile -vvv -s 0 host foo

(-vvv: get lots of info; -s 0: get all of the packet)

will get you a file readable with tcpdump -r

or

tcpdump -i interface -vvv -s 0 host foo > somefile
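
Added example, not part of the original post: a minimal reader for the binary file that the -w form produces, which picks out IPv4 packets to or from one host and flags frames that were cut short because the capture did not use -s 0. It assumes the classic pcap file format with Ethernet framing and no VLAN tags; the function names and the 192.0.2.x sample capture are constructed for illustration.

```python
import socket
import struct

def read_pcap(data):
    """Yield (ts_sec, incl_len, orig_len, frame) from classic pcap bytes."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link type (1) is handled here")
    pos = 24                                   # skip the 24-byte file header
    while pos + 16 <= len(data):
        ts, _usec, incl, orig = struct.unpack(order + "IIII", data[pos:pos + 16])
        frame = data[pos + 16:pos + 16 + incl]
        if len(frame) < incl:                  # capture file cut off mid-record
            break
        pos += 16 + incl
        yield ts, incl, orig, frame

def packets_for_host(data, host):
    """IPv4 packets to or from host, flagging frames cut short by the snaplen."""
    want, found = socket.inet_aton(host), []
    for ts, incl, orig, frame in read_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4
            continue
        src, dst = frame[26:30], frame[30:34]  # assumes no VLAN tag
        if want in (src, dst):
            found.append({"ts": ts, "src": socket.inet_ntoa(src),
                          "dst": socket.inet_ntoa(dst), "truncated": incl < orig})
    return found

# --- constructed sample capture (documentation addresses, not real traffic) ---
def make_frame(src, dst, payload_len):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload_len

def make_record(ts, frame, snaplen):
    kept = frame[:snaplen]                     # what a 68-byte snaplen would keep
    return struct.pack("<IIII", ts, 0, len(kept), len(frame)) + kept

SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 68, 1)
          + make_record(1, make_frame("192.0.2.10", "192.0.2.1", 10), 68)
          + make_record(2, make_frame("192.0.2.99", "192.0.2.1", 10), 68)
          + make_record(3, make_frame("192.0.2.1", "192.0.2.10", 100), 68))

if __name__ == "__main__":
    for p in packets_for_host(SAMPLE, "192.0.2.10"):
        print(p)
```

The redirected form (> somefile) produces decoded text instead, so this reader applies only to files written with -w.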
