Snort mailing list archives
RE: tcpdump filtered for multiple hosts
From: "Patrick Harper" <patrick () internetsecurityguru com>
Date: Fri, 21 Oct 2005 19:17:54 -0500
Put an and between the host statements I believe tcpdump -I eth0 -s0 host 10.10.10.1 and host 10.10.10.2 -w dumpfile.dmp The -s0 will make it capture whatever the packet size stated in the header of the packet. Patrick S. Harper | CISSP RHCT MCSE www.internetsecurityguru.com Just because your paranoid, doesn't mean they're not out to get you -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Court Graham Sent: Friday, October 21, 2005 7:00 PM To: snort-users () lists sourceforge net Subject: [Snort-users] tcpdump filtered for multiple hosts Does anyone know the syntax to screen for multiple hosts using tcpdump tcpdump - w filename host ip(this is where i need more than one host) ??? ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- tcpdump filtered for multiple hosts Court Graham (Oct 21)
- RE: tcpdump filtered for multiple hosts Patrick Harper (Oct 21)
- Re: tcpdump filtered for multiple hosts Harry Hoffman (Oct 21)
- <Possible follow-ups>
- Re: tcpdump filtered for multiple hosts Richard Bejtlich (Oct 22)
- RE: tcpdump filtered for multiple hosts Patrick Harper (Oct 21)