Lucent Technologies Ethereal User Manual

Page 87

Advertising
background image

You can optionally include the keyword src|dst between the
keywords ether and host to specify that you are only inter-
ested in source or destination addresses. If these are not
present, packets where the specified address appears in either
the source or destination address will be selected.

gateway host <host>

This primitive allows you to filter on packets that used host
as a gateway. That is, where the Ethernet source or destina-
tion was host but neither the source nor destination IP address
was host.

[src|dst] net <net> [{mask
<mask>}|{len <len>}]

This primitive allows you to filter on network numbers. You
can optionally precede this primitive with the keyword
src|dst to specify that you are only interested in a source or
destination network. If neither of these are present, packets
will be selected that have the specified network in either the
source or destination address. In addition, you can specify
either the netmask or the CIDR prefix for the network if they
are different from your own.

[tcp|udp] [src|dst] port <port>

This primitive allows you to filter on TCP and UDP port
numbers. You can optionally precede this primitive with the
keywords src|dst and tcp|udp which allow you to specify that
you are only interested in source or destination ports and TCP
or UDP packets respectively. The keywords tcp|udp must ap-
pear before src|dst.

If these are not specified, packets will be selected for both the
TCP and UDP protocols and when the specified address ap-
pears in either the source or destination port field.

less|greater <length>

This primitive allows you to filter on packets whose length
was less than or equal to the specified length, or greater than
or equal to the specified length, respectively.

ip|ether proto <protocol>

This primitive allows you to filter on the specified protocol at
either the Ethernet layer or the IP layer.

ether|ip broadcast|multicast

This primitive allows you to filter on either Ethernet or IP
broadcasts or multicasts.

<expr> relop <expr>

This primitive allows you to create complex filter expressions
that select bytes or ranges of bytes in packets. Please see the
tcpdump man page at

http:/ / www.tcpdump.org/ tcp-

dump_man.html

for more details.

Capturing Live Network Data

73

Advertising
Popular Brands
Popular manuals