[Snort-users] tcpdump filtered for multiple hosts

Harry Hoffman hhoffman at ...10275...
Fri Oct 21 19:45:10 EDT 2005


It might be a little more clear to write it as such:

tcpdump -i eth0 -s 0 host '( 10.10.10.1 and 10.10.10.2 )' -w dumpfile.dmp

my $0.02,
Harry

Patrick Harper wrote:
> Put an "and" between the host statements, I believe:
>
> tcpdump -i eth0 -s0 host 10.10.10.1 and host 10.10.10.2 -w dumpfile.dmp
> 
> The -s0 will make it capture whatever packet size is stated in the header
> of the packet.
> 
>
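
The filter from this thread, built by a small shell helper that validates each address before it goes into the expression. This is an added example, not part of the original messages; is_ipv4 and build_host_filter are hypothetical names. It goes beyond the thread by also covering "or": "and" keeps only traffic between the two hosts, while "or" keeps traffic to or from any listed host.

```sh
#!/bin/sh
# Added example; is_ipv4 and build_host_filter are hypothetical helper names.

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0..255, so no
# other filter keywords can be smuggled in through a host list.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print "host ( A OP B ... )" for OP = and | or.
#   and: both endpoints must be listed, i.e. traffic between two hosts
#   or : traffic to or from any listed host
build_host_filter() {
    op=$1
    case "$op" in
        and|or) shift ;;
        *) echo "usage: build_host_filter and|or HOST..." >&2; return 2 ;;
    esac
    [ "$#" -ge 1 ] || { echo "no hosts given" >&2; return 2; }
    # A packet carries one source and one destination address, so "and"
    # over more than two hosts would capture nothing.
    if [ "$op" = and ] && [ "$#" -gt 2 ]; then
        echo "'and' takes at most two hosts; use 'or'" >&2; return 2
    fi
    body=
    for h in "$@"; do
        is_ipv4 "$h" || { echo "not an IPv4 address: $h" >&2; return 1; }
        body="${body:+$body $op }$h"
    done
    printf 'host ( %s )\n' "$body"
}

# Constructed sample addresses; the first two are the ones used in the thread.
build_host_filter and 10.10.10.1 10.10.10.2
build_host_filter or 10.10.10.1 10.10.10.2 10.10.10.3
# Capture (not run here):
#   tcpdump -i eth0 -s 0 -w dumpfile.dmp "$(build_host_filter and 10.10.10.1 10.10.10.2)"
```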