tcpdump filter for out/in traffic
Eugene Grosbein
eugen at kuzbass.ru
Sun Jan 4 16:26:17 UTC 2009
On Sun, Jan 04, 2009 at 04:05:00PM +0200, KES wrote:
> It would be very useful to have options for tcpdump to monitor
> incoming or outgoing traffic regardless of src/dst IPs or ports or protocol
>
> For example:
>
> kes# tcpdump -n -i rl4 out
> EXPECTED: show traffic outgoing on rl4
> ACTUAL: tcpdump: syntax error
>
> kes# tcpdump -n -i rl4 in
> EXPECTED: show traffic incoming on rl4
> ACTUAL: tcpdump: syntax error
Hi!
I use the following trick for that:
tcpdump -n -p -i rl4 ether src me-rl4 # for outgoing
tcpdump -n -p -i rl4 not ether src me-rl4 # for incoming
And add the MAC address of rl4 to /etc/ethers with the name 'me-rl4',
or just 'me' if you do not need to watch other interfaces this way.
Eugene Grosbein
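
The trick from the reply above, as an added example that is not part of the original mail: the script reads the interface's MAC from ifconfig output and builds both direction filters with the literal address, so no /etc/ethers entry is needed. The function names are hypothetical, and the ifconfig sample with its MAC address is constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of FreeBSD `ifconfig rl4` output (the MAC is made up).
SAMPLE_IFCONFIG='rl4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:11:22:33:44:55
	inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
	status: active'

# Read ifconfig output on stdin and print the interface MAC in lower case.
# Fails when there is no "ether" line (e.g. loopback) or the value is malformed.
mac_from_ifconfig() {
    mac=$(awk '$1 == "ether" { print tolower($2); exit }')
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    printf '%s\n' "$mac"
}

# Print the pcap filter for one direction: frames this host sent carry its own
# MAC as Ethernet source; everything else seen on the interface is incoming.
direction_filter() {    # usage: direction_filter out|in MAC
    case "$1" in
        out) printf 'ether src %s\n' "$2" ;;
        in)  printf 'not ether src %s\n' "$2" ;;
        *)   echo "direction must be 'in' or 'out'" >&2; return 1 ;;
    esac
}

# Print the full tcpdump command line; -p keeps the interface out of
# promiscuous mode, as in the commands from the mail.
build_cmd() {           # usage: build_cmd IFACE out|in   (ifconfig output on stdin)
    mac=$(mac_from_ifconfig) || { echo "no valid MAC for $1" >&2; return 1; }
    filter=$(direction_filter "$2" "$mac") || return 1
    printf 'tcpdump -n -p -i %s %s\n' "$1" "$filter"
}

# Demo on the constructed sample; on a live host pipe `ifconfig rl4` in instead.
printf '%s\n' "$SAMPLE_IFCONFIG" | build_cmd rl4 out
printf '%s\n' "$SAMPLE_IFCONFIG" | build_cmd rl4 in
```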