分类: 网络与安全
2011-02-15 13:07:35
| QUOTE: |
| #tcpdump tcp port 23 |
| QUOTE: |
| UDP doesn't know about "hosts" - that's IP's responsibility. UDP only knows about ports. If you want to see all traffic to or from particular hosts, use "ip host node1 or node2 or node3". If you want to see all *UDP* traffic to and from particular hosts, use "(ip host node1 or node2 or node3) and udp". If you want to see all UDP traffic to and from particular hosts *on a particular UDP port*, use "(ip host node1 or node2 or node3) and udp port N". If you want, for example, UDP traffic to or from port 161, do "(ip host node1 or node2 or node3) and udp port 161" - but, in that case, you can probably say "udp port snmp" rather than "udp port 161". If you want traffic to or from two particular ports, use "(ip host node1 or node2 or node3) and (udp port port1 or port2)" - which can probably be "udp port snmp or udp port snmptrap" if you want ports 161 and 162. |
lijianweiabcde2011-02-15 21:46:25
GFree_Wind2011-02-15 13:53:01
你的命令里少了一个and
应该是这样的:
[root@Lnx99 lb]#tcpdump tcp port 22 and host 192.168.3.155
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
这样就没有问题。
把and去掉就会报错
