[Snort-users] tcpdump filtered for multiple hosts

Harry Hoffman hhoffman at ...10275...
Fri Oct 21 19:45:10 EDT 2005

It might be a little more clear to write it as such:

tcpdump -i eth0 -s 0 host '( and )' -w dumpfile.dmp

my $0.02,

Patrick Harper wrote:
> Put an and between the host statements, I believe: tcpdump -i eth0 -s0 host
> and host -w dumpfile.dmp
> The -s0 will make it capture whatever the packet size stated in the header
> of the packet.
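
Added example, not part of the original thread: a shell helper that builds the grouped host filter discussed above and hands it to tcpdump as one quoted argument. It goes slightly beyond the thread by also covering "or" (traffic involving any listed host) next to "and" (traffic involving every listed host). The 192.0.2.x addresses are constructed placeholders, and the function names build_host_filter and capture_hosts are hypothetical.

```shell
#!/bin/sh
# Added example: build a tcpdump capture filter for several hosts.
# Addresses are constructed samples from the 192.0.2.0/24 documentation range.

# build_host_filter OP HOST...
#   OP=and -> only packets that involve every listed host (for two hosts:
#             the conversation between them)
#   OP=or  -> packets that involve any listed host
# Prints e.g.: host (192.0.2.10 and 192.0.2.20)
build_host_filter() {
    op=$1
    shift
    case $op in
        and|or) ;;
        *) echo "operator must be 'and' or 'or'" >&2; return 1 ;;
    esac
    [ "$#" -ge 1 ] || { echo "need at least one host" >&2; return 1; }

    list=
    for h in "$@"; do
        # Accept only characters used in hostnames and IP literals; this
        # rejects whitespace, parentheses and quotes in a host argument.
        case $h in
            ''|*[!A-Za-z0-9.:-]*) echo "bad host: $h" >&2; return 1 ;;
        esac
        list=${list:+$list $op }$h
    done
    printf 'host (%s)\n' "$list"
}

# capture_hosts IFACE OUTFILE OP HOST...  (hypothetical wrapper)
# -s 0 captures full packets; the filter is passed as ONE argument, so the
# parentheses never reach the shell unquoted.
capture_hosts() {
    iface=$1
    out=$2
    shift 2
    filter=$(build_host_filter "$@") || return 1
    tcpdump -i "$iface" -s 0 -w "$out" "$filter"
}

# Usage (needs capture privileges):
#   capture_hosts eth0 dumpfile.dmp and 192.0.2.10 192.0.2.20
```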
