‘tcp’ modifier applied to host

版本：2.6.9
tcpdump tcp port 23 host 200.201.202.15 不能使用，說是有語法錯誤誤

[root@localhost ~]# tcpdump tcp host 200.201.202.15
tcpdump: 'tcp' modifier applied to host

對於tcp/udp協議只能監聽連接埠號碼，而ip協議只能監聽主機地址，tcp/udp位於傳輸層，
而ip協議位於網際層。

QUOTE:

#tcpdump tcp port 23

QUOTE:

UDP doesn't know about "hosts" - that's IP's responsibility. UDP only knows about ports. If you want to see all traffic to or from particular hosts, use "ip host node1 or node2 or node3". If you want to see all *UDP* traffic to and from particular hosts, use "(ip host node1 or node2 or node3) and udp". If you want to see all UDP traffic to and from particular hosts *on a particular UDP port*, use "(ip host node1 or node2 or node3) and udp port N". If you want, for example, UDP traffic to or from port 161, do "(ip host node1 or node2 or node3) and udp port 161" - but, in that case, you can probably say "udp port snmp" rather than "udp port 161". If you want traffic to or from two particular ports, use "(ip host node1 or node2 or node3) and (udp port port1 or port2)" - which can probably be "udp port snmp or udp port snmptrap" if you want ports 161 and 162.