[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-ids
Subject:    RE: WINDUMP SYNTAX ASSISTANCE.....
From:       "Bill Martin" <martin.b () attbi ! com>
Date:       2003-01-29 7:09:52
[Download RAW message or body]

If you read the MAN (or help for you windows people) pages, this is not
difficult.  Mots of it is based on TCPDump type usages:

windump ((port 80) and (net !192.168.1.0/24))

Change the port,and the net address as needed
-bill-

-----Original Message-----
From: Jason Beauford [mailto:Jbeauford@mill-max.com]
Sent: Tuesday, January 28, 2003 10:27 AM
To: focus-ids@securityfocus.com
Subject: WINDUMP SYNTAX ASSISTANCE.....


Forum,

I am looking for the Windump syntax to record only the packets that
involve a particular host and those hosts outside of our internal
network.  I've tried the "host hostname and not src net localnet, but I
am still missing half of the traffic as it only gives me ingress
traffic. I still need to record egress traffic.  So I try  host hostname
and not dst net localnet. This gives me only egress and not ingress.  If
I try without same syntax without the src or dst, I get no traffic. Can
anyone point me in the right direction with this?

Thanks in advance.


Regards,

Jason M. Beauford.

[prev in list] [next in list] [prev in thread] [next in thread]