Date: Sun, 4 Jan 2009 15:23:16 -0500 From: "matt donovan" <kitchetech@gmail.com> To: "Eugene Grosbein" <eugen@kuzbass.ru> Cc: KES <kes-kes@yandex.ru>, hackers@freebsd.org Subject: Re: tcpdump filter for out/in traffic Message-ID: <28283d910901041223x7210db5lcf8df9ef5f1da56b@mail.gmail.com> In-Reply-To: <20090104155638.GA76773@svzserv.kemerovo.su> References: <179479624.20090104160500@yandex.ru> <20090104155638.GA76773@svzserv.kemerovo.su>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jan 4, 2009 at 10:56 AM, Eugene Grosbein <eugen@kuzbass.ru> wrote: > On Sun, Jan 04, 2009 at 04:05:00PM +0200, KES wrote: > > > There will be very usefull to have options for tcpdump to monitor > > incomint or outgoing traffic regardless of src/dst IPs or ports or > protocol > > > > For example: > > > > kes# tcpdump -n -i rl4 out > > EXPECTED: show traffic outgoing on rl4 > > ACTUAL: tcpdump: syntax error > > > > kes# tcpdump -n -i rl4 in > > EXPECTED: show traffic incoming on rl4 > > ACTUAL: tcpdump: syntax error > > Hi! > > I use following trick for that: > > tcpdump -n -p -i rl4 ether src me-rl4 # for outgoing > tcpdump -n -p -i tl4 not ether src me-rl4 # for incoming > > And add MAC-address of rl4 to /etc/ethers with name 'me-rl4' > or just 'me' if you need not watch other interfaces this way. > > Eugene Grosbein > _______________________________________________ > freebsd-hackers@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org" > don't even need an option you just have to filter the traffic correctly using tcpdump which Eugene already point out
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?28283d910901041223x7210db5lcf8df9ef5f1da56b>