[Snort-users] tcpdump filtered for multiple hosts
hhoffman at ...10275...
Fri Oct 21 19:45:10 EDT 2005
It might be a little more clear to write it as such:
tcpdump -i eth0 -s 0 host '( 10.10.10.1 and 10.10.10.2 )' -w dumpfile.dmp
Patrick Harper wrote:
> Put an "and" between the host statements, I believe:
> tcpdump -i eth0 -s0 host 10.10.10.1 and host 10.10.10.2 -w dumpfile.dmp
> The -s0 will make it capture whatever the packet size stated in the header
> of the packet.
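
An added example, not part of the original thread: a small shell helper that builds the parenthesized `host ( ... )` filter shown above from a list of addresses and rejects anything that is not a plain IPv4 address before it reaches tcpdump. The function names `host_filter` and `is_ipv4` are hypothetical; `and` keeps only packets that carry both addresses (traffic between the two hosts), while `or` keeps packets to or from either one.

```shell
#!/bin/sh
# Hypothetical helpers (not from the thread). Usage with the thread's command:
#   tcpdump -i eth0 -s 0 -w dumpfile.dmp "$(host_filter or 10.10.10.1 10.10.10.2)"

is_ipv4() {
    # Accept dotted-quad only: digits and dots, four octets, each 0-255.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1              # safe to leave unquoted: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

host_filter() {
    # host_filter and|or IP [IP...]  ->  prints: host ( IP MODE IP ... )
    [ "$#" -ge 2 ] || { echo "usage: host_filter and|or IP [IP...]" >&2; return 2; }
    mode=$1
    shift
    case "$mode" in
        and)
            # A packet has one source and one destination address, so three
            # different hosts joined with 'and' would capture nothing.
            if [ "$#" -gt 2 ]; then
                echo "'and' with more than two hosts can never match" >&2
                return 2
            fi ;;
        or) ;;
        *) echo "mode must be 'and' or 'or'" >&2; return 2 ;;
    esac
    filter=
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 2; }
        filter="${filter:+$filter $mode }$ip"
    done
    printf 'host ( %s )\n' "$filter"
}

# Constructed sample addresses, matching the ones used in the thread.
host_filter and 10.10.10.1 10.10.10.2
host_filter or 10.10.10.1 10.10.10.2
```

Passing the result as one double-quoted argument keeps the shell from interpreting the parentheses, which is what the single quotes do in the command above.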