Date: Thu, 26 Jul 2012 11:25:49 +0200
From: Daniel Hartmeier
To: m s
Cc: freebsd-net@freebsd.org
Subject: Re: tcpdump in freebsd
Message-ID: <20120726092549.GA3153@insomnia.benzedrine.cx>

On Thu, Jul 26, 2012 at 08:35:29AM +0000, m s wrote:

> hi all. I want to use tcpdump just for input or just for output
> packets. Is this possible? If not, is there any other command that does
> this?

If filtering by source MAC (or IP) is not enough, you can patch tcpdump
to hack in '-a in|out' using pcap_setdirection().

HTH,
Daniel

Content-Disposition: attachment; filename="tcpdump.diff"

Index: contrib/tcpdump/tcpdump.1 =================================================================== RCS file: /home/ncvs/src/contrib/tcpdump/Attic/tcpdump.1,v retrieving revision 1.19.2.1.8.1 diff -u -r1.19.2.1.8.1 tcpdump.1 --- contrib/tcpdump/tcpdump.1 3 Mar 2012 06:15:13 -0000 1.19.2.1.8.1 +++ contrib/tcpdump/tcpdump.1 26 Jul 2012 09:16:17 -0000 @@ -33,6 +33,12 @@ [ .B \-AdDefIKlLnNOpqRStuUvxX ] [ +.B \-a +.I direction +] +.br +.ti +8 +[ .B \-B .I buffer_size ] [
@@ -194,6 +200,9 @@ special privileges. .SH OPTIONS .TP +.B \-a +Print only packets matching \fIdirection\fP, \fBin\fP or \fBout\fP. +.TP .B \-A Print each packet (minus its link level header) in ASCII. Handy for capturing web pages. Index: contrib/tcpdump/tcpdump.c =================================================================== RCS file: /home/ncvs/src/contrib/tcpdump/tcpdump.c,v retrieving revision 1.14.2.1.8.1 diff -u -r1.14.2.1.8.1 tcpdump.c --- contrib/tcpdump/tcpdump.c 3 Mar 2012 06:15:13 -0000 1.14.2.1.8.1 +++ contrib/tcpdump/tcpdump.c 26 Jul 2012 09:03:27 -0000 @@ -295,6 +298,7 @@ } static pcap_t *pd; +static pcap_direction_t aflag = PCAP_D_INOUT; extern int optind; extern int opterr; @@ -537,11 +541,16 @@ opterr = 0; while ( - (op = getopt(argc, argv, "aA" B_FLAG "c:C:d" D_FLAG "eE:fF:G:i:" I_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:Yz:Z:")) != -1) + (op = getopt(argc, argv, "a:A" B_FLAG "c:C:d" D_FLAG "eE:fF:G:i:" I_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:Yz:Z:")) != -1) switch (op) { case 'a': - /* compatibility for old -a */ + if (!strcmp(optarg, "in")) + aflag = PCAP_D_IN; + else if (!strcmp(optarg, "out")) + aflag = PCAP_D_OUT; + else + error("invalid direction %s", optarg); break; case 'A': @@ -1023,6 +1032,12 @@ else if (*ebuf) warning("%s", ebuf); #endif /* HAVE_PCAP_CREATE */ + if (aflag != PCAP_D_INOUT) { + status = pcap_setdirection(pd, aflag); + if (status != 0) + error("%s: pcap_setdirection failed: %s", + device, pcap_statustostr(status)); + } /* * Let user own process after socket has been opened. */ --IJpNTDwzlM2Ie8A6--
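Review bot: In the getopt hunk of tcpdump.c, changing "aA" to "a:A" turns -a from an argument-less flag (the removed comment calls it "compatibility for old -a") into one that requires an argument, so an existing invocation that still passes a bare -a will have its next word consumed as optarg and land in the error("invalid direction %s", optarg) branch. Consider an option letter that is not already in the getopt string, or state in the tcpdump.1 OPTIONS entry that the old no-op -a is no longer accepted. The parser also accepts only "in" and "out"; accepting an explicit value that maps to PCAP_D_INOUT would let a caller spell out the default.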
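Review bot: In the last tcpdump.c hunk, the failure path formats the return value with pcap_statustostr(status), but pcap_setdirection() signals failure with -1 and leaves the reason in the handle's error buffer, so the user will see only a generic message. Use pcap_geterr(pd) in the error() call instead. The block also sits after "#endif /* HAVE_PCAP_CREATE */", so it is compiled in builds without the pcap_create() API, where pcap_statustostr() may not be available; switching to pcap_geterr(pd) removes that dependency as well.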