On Thu, Jul 26, 2012 at 08:35:29AM +0000, m s wrote: > hi all. I want to use tcpdump just for input or just for outout > packet.isthis possible ? if no is there any other command that do > this?
If filtering by source MAC (or IP) is not enough, you can patch tcpdump to hack in '-a in|out' using pcap_setdirection(). HTH, Daniel
Index: contrib/tcpdump/tcpdump.1 =================================================================== RCS file: /home/ncvs/src/contrib/tcpdump/Attic/tcpdump.1,v retrieving revision 1.19.2.1.8.1 diff -u -r1.19.2.1.8.1 tcpdump.1 --- contrib/tcpdump/tcpdump.1 3 Mar 2012 06:15:13 -0000 1.19.2.1.8.1 +++ contrib/tcpdump/tcpdump.1 26 Jul 2012 09:16:17 -0000 @@ -33,6 +33,12 @@ [ .B \-AdDefIKlLnNOpqRStuUvxX ] [ +.B \-a +.I direction +] +.br +.ti +8 +[ .B \-B .I buffer_size ] [ @@ -194,6 +200,9 @@ special privileges. .SH OPTIONS .TP +.B \-a +Print only packets matching \fIdirection\fP, \fBin\fP or \fBout\fP. +.TP .B \-A Print each packet (minus its link level header) in ASCII. Handy for capturing web pages. Index: contrib/tcpdump/tcpdump.c =================================================================== RCS file: /home/ncvs/src/contrib/tcpdump/tcpdump.c,v retrieving revision 1.14.2.1.8.1 diff -u -r1.14.2.1.8.1 tcpdump.c --- contrib/tcpdump/tcpdump.c 3 Mar 2012 06:15:13 -0000 1.14.2.1.8.1 +++ contrib/tcpdump/tcpdump.c 26 Jul 2012 09:03:27 -0000 @@ -295,6 +298,7 @@ } static pcap_t *pd; +static pcap_direction_t aflag = PCAP_D_INOUT; extern int optind; extern int opterr; @@ -537,11 +541,16 @@ opterr = 0; while ( - (op = getopt(argc, argv, "aA" B_FLAG "c:C:d" D_FLAG "eE:fF:G:i:" I_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:Yz:Z:")) != -1) + (op = getopt(argc, argv, "a:A" B_FLAG "c:C:d" D_FLAG "eE:fF:G:i:" I_FLAG "KlLm:M:nNOpqr:Rs:StT:u" U_FLAG "vw:W:xXy:Yz:Z:")) != -1) switch (op) { case 'a': - /* compatibility for old -a */ + if (!strcmp(optarg, "in")) + aflag = PCAP_D_IN; + else if (!strcmp(optarg, "out")) + aflag = PCAP_D_OUT; + else + error("invalid direction %s", optarg); break; case 'A': @@ -1023,6 +1032,12 @@ else if (*ebuf) warning("%s", ebuf); #endif /* HAVE_PCAP_CREATE */ + if (aflag != PCAP_D_INOUT) { + status = pcap_setdirection(pd, aflag); + if (status != 0) + error("%s: pcap_setdirection failed: %s", + device, pcap_statustostr(status)); + } /* * Let user own process after socket has been opened. */
_______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"