tcpdump mailing list archives

Re: help with tcpdump command please.

From: Guy Harris <guy () alum mit edu>
Date: Thu, 21 Aug 2003 23:17:31 -0700


On Thursday, August 21, 2003, at 4:20 AM, Rob McWilliam wrote:

I am having the following problem when I submit this command on my
IPSO 3.7 Nokia firewall.

ROB#tcpdump -i eth-s1p2c0: src host 193.122.22.247 dst host
192.168.20.14 and icmp -w /tmp/dumpdatain <CR>
ROB#tcpdump: parse error

You have to put the filter expression after *all* the command-lineflags:

tcpdump -i ether-slp2c0: -w /tmp;dumpdatain src host 193.122.22.247dst host 192.168.20.14 and icmp


as per what the man page says:

        NAME
               tcpdump - dump traffic on a network

        SYNOPSIS
               tcpdump [ -aAdDeflLnNOpqRStuUvxX ] [ -c count ]
                       [ -C file_size ] [ -F file ]
                       [ -i interface ] [ -m module ] [ -r file ]
                       [ -s snaplen ] [ -T type ] [ -w file ]
                       [ -E spi@ipaddr algo:secret,...  ]
                       [ -y datalinktype ]
                       [ expression ]

(you won't necessarily have the same list of command-line flags in theman page for the IPSO tcpdump, if it has a man page, and its tcpdumpmight not necessarily support all those flags, but "expression" alwayscomes at the end).


-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

Current thread:

help with tcpdump command please. Rob McWilliam (Aug 21)
- Re: help with tcpdump command please. Guy Harris (Aug 21)