Chinaunix首页 | 论坛 | 博客
  • 博客访问: 519139
  • 博文数量: 100
  • 博客积分: 2058
  • 博客等级: 大尉
  • 技术积分: 1029
  • 用 户 组: 普通用户
  • 注册时间: 2010-07-14 23:29
文章分类
文章存档

2011年(94)

2010年(6)

分类: 网络与安全

2011-02-15 13:07:35

版本:2.6.9
tcpdump tcp port 23 host 200.201.202.15 不能使用,说是有语法错误误

[root@localhost ~]# tcpdump tcp host 200.201.202.15
tcpdump: 'tcp' modifier applied to host

对于tcp/udp协议只能监听端口号,而ip协议只能监听主机地址,tcp/udp位于传输层,
而ip协议位于网际层。
QUOTE:
#tcpdump tcp port 23


QUOTE:
UDP doesn't know about "hosts" - that's IP's responsibility. UDP only
knows about ports.

If you want to see all traffic to or from particular hosts, use "ip host
node1 or node2 or node3".

If you want to see all *UDP* traffic to and from particular hosts, use
"(ip host node1 or node2 or node3) and udp".

If you want to see all UDP traffic to and from particular hosts *on a
particular UDP port*, use "(ip host node1 or node2 or node3) and udp
port N". If you want, for example, UDP traffic to or from port 161, do
"(ip host node1 or node2 or node3) and udp port 161" - but, in that
case, you can probably say "udp port snmp" rather than "udp port 161".

If you want traffic to or from two particular ports, use "(ip host node1
or node2 or node3) and (udp port port1 or port2)" - which can probably
be "udp port snmp or udp port snmptrap" if you want ports 161 and 162.

阅读(6834) | 评论(2) | 转发(0) |
给主人留下些什么吧!~~

lijianweiabcde2011-02-15 21:46:25

GFree_Wind: 你的命令里少了一个and
应该是这样的:
[root@Lnx99 lb]#tcpdump tcp port 22 and host 192.168.3.155
tcpdump: verbose output suppressed, use -v or -vv for.....
是啊,少了个and。
后来看了下面的英文搞清楚原因了。
原来:
UDP/TCP doesn't know about "hosts" - that's IP's responsibility. UDP/TCP only knows about ports.
所以tcp不能做host的修饰符

GFree_Wind2011-02-15 13:53:01

你的命令里少了一个and
应该是这样的:
[root@Lnx99 lb]#tcpdump tcp port 22 and host 192.168.3.155
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
这样就没有问题。
把and去掉就会报错