Date: Sun, 4 Jan 2009 22:56:38 +0700 From: Eugene Grosbein <eugen@kuzbass.ru> To: KES <kes-kes@yandex.ru> Cc: hackers@freebsd.org Subject: Re: tcpdump filter for out/in traffic Message-ID: <20090104155638.GA76773@svzserv.kemerovo.su> In-Reply-To: <179479624.20090104160500@yandex.ru> References: <179479624.20090104160500@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jan 04, 2009 at 04:05:00PM +0200, KES wrote: > There will be very usefull to have options for tcpdump to monitor > incomint or outgoing traffic regardless of src/dst IPs or ports or protocol > > For example: > > kes# tcpdump -n -i rl4 out > EXPECTED: show traffic outgoing on rl4 > ACTUAL: tcpdump: syntax error > > kes# tcpdump -n -i rl4 in > EXPECTED: show traffic incoming on rl4 > ACTUAL: tcpdump: syntax error Hi! I use following trick for that: tcpdump -n -p -i rl4 ether src me-rl4 # for outgoing tcpdump -n -p -i tl4 not ether src me-rl4 # for incoming And add MAC-address of rl4 to /etc/ethers with name 'me-rl4' or just 'me' if you need not watch other interfaces this way. Eugene Grosbein
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090104155638.GA76773>