tony.chamberlain at tony.chamberlain at
Thu Jul 10 15:05:52 UTC 2008

-----Original Message-----

Message: 5
Date: Wed, 09 Jul 2008 14:39:38 -0500
From: Kevin Martin <kevintm at>
Subject: Re: tcpdump
To: For users of Fedora <fedora-list at>
Message-ID: <487513FA.9010809 at>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

tony.chamberlain at wrote:
> I want to look at all the traffic coming to my web browser (
> (tomcat on port 80) using tcpdump.
> If I say  tcpdump port 80
> that will get 80 coming and going.  Also if I say
> tcpdump dst port 80
> I will still get any traffic I have to other web sites.
> I thought  tcpdump (dst port 80) and (dst host
> would work but that does not seem to get anything.  I went to
>  from another machine, got my web page
> but nothing in the tcp dump.
> What is the correct way to do this (all incoming to my web browser)?
> Theoretically besdies I would also like

Are you listening on the correct device?  I just tried:

tcpdump dst port 22 and dst host

and didn't get anything but when I added the "-i <device>" that is bound to then I got the correct information.



yes I tried all four of

tcpdump -i eth0
tcpdump -i l0
tcpdump -i any

I guess that is only 3 ;-)   Still no activity.
Could the port number get changed somehow?

I also used both and for host which should be
more or less the same except the 191 should be eth0 and 127 should be lo

More information about the fedora-list mailing list