Version: 2.6.9
Tcpdump TCP port 23 host 200.201.202.15 cannot be used. It is a syntax error.
[Root @ localhost ~] # Tcpdump TCP host 200.201.202.15
Tcpdump: 'tcp 'modifier applied to host
For TCP/UDP protocol, only the port number can be monitored, and the IP protocol can only listen to the host address. TCP/UDP is at the transport layer,
The IP protocol is on the internet layer.
UDP doesn't know about "hosts"-that's IP's responsibility. UDP only knows about ports. if you have want to see all traffic to or from a participant hosts, use "IP host node1 or node2 or node3 ". if you want to see all * udp * traffic to and from particle hosts, use "(IP host node1 or node2 or node3) and UDP ". if you want to see all UDP traffic to and from particle hosts * On A particle UDP port *, use "(IP host node1 or node2 or node3) and UDP port N ". if you want, for example, UDP traffic to or from port 161, DO "(IP host node1 or node2 or node3) and UDP port 161"-, in that case, you can probably say "UDP port SNMP" rather than "UDP port 161 ". if you want traffic to or from two particle ports, use "(IP host node1 or node2 or node3) and (UDP port port1 or port2) "-which can probably be" UDP port SNMP or UDP port SNMPTRAP "if you want ports 161 and 162. |