UDP doesn't know about "hosts" - that's IP's responsibility. UDP only
knows about ports.
If you want to see all traffic to or from particular hosts, use "ip host
node1 or node2 or node3".
If you want to see all *UDP* traffic to and from particular hosts, use
"(ip host node1 or node2 or node3) and udp".
If you want to see all UDP traffic to and from particular hosts *on a
particular UDP port*, use "(ip host node1 or node2 or node3) and udp
port N". If you want, for example, UDP traffic to or from port 161, do
"(ip host node1 or node2 or node3) and udp port 161" - but, in that
case, you can probably say "udp port snmp" rather than "udp port 161".
If you want traffic to or from two particular ports, use "(ip host node1
or node2 or node3) and (udp port port1 or port2)" - which can probably
be "udp port snmp or udp port snmptrap" if you want ports 161 and 162.
lgdyb 于 2007-11-22 23:26:16发表:
tcpdump tcp port 23 and host x.x.x.x
运行ifconfig eth0 promisc ,将我的网卡设为混杂模式后,网络就不通了。呵呵,有什么好办法吗??是不是我的网卡不够高级??谢谢
这里高手真多,太好了。
gxf 于 2007-11-22 18:29:55发表:
你试过没有?看是不是“tcpdump: 'tcp' modifier applied to host”,我这里是这个结果
lgdyb 于 2007-11-22 15:34:11发表:
lgdyb 于 2007-11-22 15:31:51发表:
gxf 于 2007-11-22 13:55:25发表:
对于tcp/udp协议只能监听端口号,而ip协议只能监听主机地址,tcp/udp位于传输层,
而ip协议位于网际层。
[ 本帖最后由 gxf 于 2007-11-22 14:01 编辑 ]