Electronic Books

dir qualifiers specify a particular transfer direction to
and/or from id. Possible directions are src, dst, src or
dst and src and dst. For example: ???src foo,??? ???dst net
1.2.3,??? ???src or dst port ftp-data.??? If there is no dir
qualifier, src or dst is assumed. For ???NULL??? link layers
(i.e., point-to-point protocols such as SLIP) the inbound
and outbound qualifiers can be used to specify a
desired direction.
proto qualifiers are restricted to IP-only protocols.
Possible protos are: tcp, udp, and icmp. For example:
???udp src foo??? or ???tcp port 21.??? If there is no proto
qualifier, all protocols consistent with the type are
assumed. For example, ???src foo??? means ???ip and ((tcp or
udp) src foo),??? ???net bar??? means ???ip and (net bar),??? and
???port 53??? means ???ip and ((tcp or udp) port 53).???
Tcpdump tcpdump [ -adeflnNOpqStvx ] [ -c count ]
[ -F file ] [ -i interface ] [ -r file ]
[ -s snaplen ] [ -T type ] [ -w file ]
[ expression ]
Appendix B : Tool Syntax
699
Chapter Tool Syntax
Chapter 5
(continued)
Tcpdump Options:
-a Attempt to convert network and broadcast addresses
to names.
-c Exit after receiving count packets.
-d Dump the compiled packet-matching code in a
human-readable form to standard output and stop.
-dd Dump packet-matching code as a C program
fragment.
-ddd Dump packet-matching code as decimal numbers
(preceded by a count).
-e Print the link-level header on each dump line.


Pages:
238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262