Burgess, Jeffrey T said:
> The windows version of the docs wouldn't come up on windump...
I.e., the URL I mentioned:
http://windump.polito.it/docs/manual.htm
didn't work in your browser?
> So do I put 'tcpdump host xxx.xxx.xxx.xxx' in the capture filter line?
To quote my previous reply:
Note that this is a sample command line - "tcpdump" is the command, and
"host sundown" are the arguments to the command, giving the filter. You
would use just "host sundown" with Ethereal - you would *not* put
"tcpdump" in there.
> I tried 'ip host src or dst xxx.xxx.xxx.xxx' but it wouldn't parse it,
> got an error...
That's because it's not valid.
You could do
ip src host xxx.xxx.xxx.xxx or ip dst host xxx.xxx.xxx.xxx
("src" and "dst" are qualifiers for "host", so they come before "host"), but
ip host xxx.xxx.xxx.xxx
is sufficient (an unqualified "host" means "source or destination host":
dst host host
True if the IPv4/v6 destination field of the
packet is
host, which may be either an address or a name.
src host host
True if the IPv4/v6 source field of the packet is host.
host host
True if either the IPv4/v6 source or destination of
the
packet is host. ...