tcpdump

tony.chamberlain at lemko.com tony.chamberlain at lemko.com
Thu Jul 10 15:05:52 UTC 2008


-----Original Message-----


Message: 5
Date: Wed, 09 Jul 2008 14:39:38 -0500
From: Kevin Martin <kevintm at ameritech.net>
Subject: Re: tcpdump
To: For users of Fedora <fedora-list at redhat.com>
Message-ID: <487513FA.9010809 at ameritech.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed



tony.chamberlain at lemko.com wrote:
> I want to look at all the traffic coming to my web browser (192.168.5.191)
> (tomcat on port 80) using tcpdump.
>
> If I say  tcpdump port 80
>
> that will get 80 coming and going.  Also if I say
> tcpdump dst port 80
> I will still get any traffic I have to other web sites.
>
> I thought  tcpdump (dst port 80) and (dst host 192.168.5.191)
> would work but that does not seem to get anything.  I went to
> 192.168.5.191/~chamberl  from another machine, got my web page
> but nothing in the tcp dump.
>
> What is the correct way to do this (all incoming to my web browser)?
> Theoretically besides 192.168.5.191 I would also like 127.0.0.1
>
>
>   

Are you listening on the correct device?  I just tried:

tcpdump dst port 22 and dst host 10.10.20.20

and didn't get anything but when I added the "-i <device>" that 
10.10.20.20 is bound to then I got the correct information.

Kevin



==========

yes I tried all four of

tcpdump -i eth0
tcpdump -i l0
tcpdump -i any

I guess that is only 3 ;-)   Still no activity.
Could the port number get changed somehow?

I also used both 192.168.5.191 and 127.0.0.1 for host which should be
more or less the same except the 191 should be eth0 and 127 should be lo
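
Added example, not part of the original thread: a sketch of the check Kevin describes (find the device an address is bound to, then capture with "-i"), building the destination filter as one quoted argument. The helper names and the sample address table are constructed for illustration; it assumes Linux with the `ip` tool and tcpdump's "any" pseudo-device.

```shell
#!/bin/sh
# Added example (helper names are hypothetical, not from the thread).
# Constructed sample of `ip -o -4 addr show` output for the thread's host:
SAMPLE_TABLE='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever
2: eth0    inet 192.168.5.191/24 brd 192.168.5.255 scope global eth0\       valid_lft forever'

# Read `ip -o -4 addr show` output on stdin; print the device holding address $1.
iface_for_addr() {
    awk -v want="$1" '$3 == "inet" { split($4, a, "/"); if (a[1] == want) { print $2; exit } }'
}

# Pick the capture device: the one device every address shares, else the
# Linux "any" pseudo-device (e.g. eth0 plus lo).  usage: pick_iface TABLE ADDR...
pick_iface() {
    table=$1; shift
    dev=""
    for h in "$@"; do
        d=$(printf '%s\n' "$table" | iface_for_addr "$h")
        [ -n "$d" ] || { echo "no interface holds $h" >&2; return 1; }
        [ -z "$dev" ] || [ "$dev" = "$d" ] || { echo any; return 0; }
        dev=$d
    done
    echo "$dev"
}

# Build the pcap filter for packets addressed to PORT on any of the given
# local addresses.  usage: inbound_filter PORT ADDR...
inbound_filter() {
    port=$1; shift
    hosts=""
    for h in "$@"; do
        hosts="${hosts:+$hosts or }dst host $h"
    done
    printf 'tcp dst port %s and (%s)' "$port" "$hosts"
}

# Run the capture (needs root).  -n skips name lookups; the filter goes in as
# one quoted argument so the shell never interprets the parentheses.
capture_inbound() {
    port=$1; shift
    table=$(ip -o -4 addr show) || return 1
    dev=$(pick_iface "$table" "$@") || return 1
    tcpdump -n -i "$dev" "$(inbound_filter "$port" "$@")"
}
# e.g.  capture_inbound 80 192.168.5.191 127.0.0.1
```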




