RE: WINDUMP SYNTAX ASSISTANCE.....

If you read the MAN (or help for you windows people) pages, this is not difficult. Mots of it is based on TCPDump type usages:

windump ((port 80) and (net !192.168.1.0/24))

Change the port,and the net address as needed
-bill-

-----Original Message-----

From: Jason Beauford [mailto:Jbeauford@mill-max.com] Sent: Tuesday, January 28, 2003 10:27 AM To: focus-ids@securityfocus.com
Subject: WINDUMP SYNTAX ASSISTANCE.....

Forum,

I am looking for the Windump syntax to record only the packets that involve a particular host and those hosts outside of our internal network. I've tried the "host hostname and not src net localnet, but I am still missing half of the traffic as it only gives me ingress traffic. I still need to record egress traffic. So I try host hostname and not dst net localnet. This gives me only egress and not ingress. If I try without same syntax without the src or dst, I get no traffic. Can anyone point me in the right direction with this?

Thanks in advance.

Regards,

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Jason M. Beauford. Received on Wed Jan 29 12:24:50 2003