Date: Thu, 26 Jul 2012 11:25:49 +0200 From: Daniel Hartmeier <daniel@benzedrine.cx> To: m s <mah.s.369@gmail.com> Cc: freebsd-net@freebsd.org Subject: Re: tcpdump in freebsd Message-ID: <20120726092549.GA3153@insomnia.benzedrine.cx> In-Reply-To: <CAJJwNVJ1sj-j=Rrb7PHU6%2Bb-hrm3WqRgWyN-2XpH-qTme_SOfg@mail.gmail.com> References: <CAJJwNVJ1sj-j=Rrb7PHU6%2Bb-hrm3WqRgWyN-2XpH-qTme_SOfg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--IJpNTDwzlM2Ie8A6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
On Thu, Jul 26, 2012 at 08:35:29AM +0000, m s wrote:
> hi all. I want to use tcpdump just for input or just for outout
> packet.isthis possible ? if no is there any other command that do
> this?
If filtering by source MAC (or IP) is not enough, you can patch tcpdump
to hack in '-a in|out' using pcap_setdirection().
HTH,
Daniel
--IJpNTDwzlM2Ie8A6
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="tcpdump.diff"
Index: contrib/tcpdump/tcpdump.1
===================================================================
RCS file: /home/ncvs/src/contrib/tcpdump/Attic/tcpdump.1,v
retrieving revision 1.19.2.1.8.1
diff -u -r1.19.2.1.8.1 tcpdump.1
--- contrib/tcpdump/tcpdump.1 3 Mar 2012 06:15:13 -0000 1.19.2.1.8.1
+++ contrib/tcpdump/tcpdump.1 26 Jul 2012 09:16:17 -0000
@@ -33,6 +33,12 @@
[
.B \-AdDefIKlLnNOpqRStuUvxX
] [
+.B \-a
+.I direction
+]
+.br
+.ti +8
+[
.B \-B
.I buffer_size
] [
@@ -194,6 +200,9 @@
special privileges.
.SH OPTIONS
.TP
+.B \-a
+Print only packets matching \fIdirection\fP, \fBin\fP or \fBout\fP.
+.TP
.B \-A
Print each packet (minus its link level header) in ASCII. Handy for
capturing web pages.
Index: contrib/tcpdump/tcpdump.c
===================================================================
RCS file: /home/ncvs/src/contrib/tcpdump/tcpdump.c,v
retrieving revision 1.14.2.1.8.1
diff -u -r1.14.2.1.8.1 tcpdump.c
--- contrib/tcpdump/tcpdump.c 3 Mar 2012 06:15:13 -0000 1.14.2.1.8.1
+++ contrib/tcpdump/tcpdump.c 26 Jul 2012 09:03:27 -0000
@@ -295,6 +298,7 @@
}
static pcap_t *pd;
+static pcap_direction_t aflag = PCAP_D_INOUT;
extern int optind;
extern int opterr;
@@ -537,11 +541,16 @@
opterr = 0;
while (
- (op = getopt(argc, argv, "aA" B_FLAG "c:C:d" D_FLAG "eE:fF:G:i:" I_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:Yz:Z:")) != -1)
+ (op = getopt(argc, argv, "a:A" B_FLAG "c:C:d" D_FLAG "eE:fF:G:i:" I_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:Yz:Z:")) != -1)
switch (op) {
case 'a':
- /* compatibility for old -a */
+ if (!strcmp(optarg, "in"))
+ aflag = PCAP_D_IN;
+ else if (!strcmp(optarg, "out"))
+ aflag = PCAP_D_OUT;
+ else
+ error("invalid direction %s", optarg);
break;
case 'A':
@@ -1023,6 +1032,12 @@
else if (*ebuf)
warning("%s", ebuf);
#endif /* HAVE_PCAP_CREATE */
+ if (aflag != PCAP_D_INOUT) {
+ status = pcap_setdirection(pd, aflag);
+ if (status != 0)
+ error("%s: pcap_setdirection failed: %s",
+ device, pcap_statustostr(status));
+ }
/*
* Let user own process after socket has been opened.
*/
--IJpNTDwzlM2Ie8A6--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120726092549.GA3153>