Capturing Live Network Data

 

You can optionally include the keyword src|dst between the keywords ether and host to specify that you are only interested in source or destination addresses. If these are not present, packets where the specified address appears in either the source or destination address will be selected.

gateway host <host>

This primitive allows you to filter on packets that used host as a gateway. That is, where the Ethernet source or destination was host but neither the source nor destination IP address was host.

[src|dst] net <net> [{mask <mask>}|{len <len>}]

This primitive allows you to filter on network numbers. You can optionally precede this primitive with the keyword src|dst to specify that you are only interested in a source or destination network. If neither of these is present, packets will be selected that have the specified network in either the source or destination address. In addition, you can specify either the netmask or the CIDR prefix for the network if they are different from your own.

[tcp|udp] [src|dst] port <port>

This primitive allows you to filter on TCP and UDP port numbers. You can optionally precede this primitive with the keywords src|dst and tcp|udp, which allow you to specify that you are only interested in source or destination ports and TCP or UDP packets respectively. The keyword tcp|udp must appear before src|dst.

If these are not specified, packets will be selected for both the TCP and UDP protocols and when the specified port appears in either the source or destination port field.

less|greater <length>

This primitive allows you to filter on packets whose length was less than or equal to the specified length, or greater than or equal to the specified length, respectively.

ip|ether proto <protocol>

This primitive allows you to filter on the specified protocol at either the Ethernet layer or the IP layer.

ether|ip broadcast|multicast

This primitive allows you to filter on either Ethernet or IP broadcasts or multicasts.

<expr> relop <expr>

This primitive allows you to create complex filter expressions that select bytes or ranges of bytes in packets. Please see the tcpdump man page at http://www.tcpdump.org/tcpdump_man.html for more details.
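
The selection rules described above for gateway host, net and port, modelled in Python over constructed packet records. This is an added example, not code from Ethereal or libpcap; the Pkt record, the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Pkt:  # constructed, simplified packet record (not a real capture)
    eth_src: str
    eth_dst: str
    ip_src: str
    ip_dst: str
    proto: str  # "tcp" or "udp"
    sport: int
    dport: int

def _pick(direction, src, dst):
    """Fields selected by a src|dst qualifier; no qualifier means either."""
    return {"src": [src], "dst": [dst], None: [src, dst]}[direction]

def match_net(p, net, mask_or_len, direction=None):
    """[src|dst] net <net> [{mask <mask>}|{len <len>}]"""
    network = ipaddress.ip_network(f"{net}/{mask_or_len}")
    return any(ipaddress.ip_address(a) in network
               for a in _pick(direction, p.ip_src, p.ip_dst))

def match_port(p, port, proto=None, direction=None):
    """[tcp|udp] [src|dst] port <port>; no proto keyword means TCP or UDP."""
    if proto is not None and p.proto != proto:
        return False
    return port in _pick(direction, p.sport, p.dport)

def match_gateway(p, host_mac, host_ip):
    """gateway host <host>: Ethernet address is host, IP address is not."""
    return (host_mac in (p.eth_src, p.eth_dst)
            and host_ip not in (p.ip_src, p.ip_dst))

# Constructed sample data (documentation address ranges).
GW_MAC, GW_IP = "00:00:5e:00:53:01", "192.0.2.1"
PACKETS = [
    Pkt("00:00:5e:00:53:10", GW_MAC, "192.0.2.10", "198.51.100.7", "tcp", 40000, 443),  # routed via gateway
    Pkt("00:00:5e:00:53:10", GW_MAC, "192.0.2.10", GW_IP, "udp", 40001, 53),            # addressed to gateway
    Pkt("00:00:5e:00:53:11", "00:00:5e:00:53:10", "192.0.2.11", "192.0.2.10", "udp", 53, 40002),  # local reply
]

def select(pred):
    return [i for i, p in enumerate(PACKETS) if pred(p)]
```

Only packet 0 satisfies the gateway rule: packet 1 carries the gateway's Ethernet address but is also addressed to its IP address, so it is excluded.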
