hi,
if i understand correctly, you would like to get all traffic except for
packets from network 10.x.x
# tcpdump net not 10
this will filter out packets whose addresses contain 10.x.x.x.
-alexm
22:09 09/08/2005
On Mon, 8 Aug 2005, Black, Michael wrote:
> I'm trying to set up some monitoring
On Aug 8, 2005, at 10:40 AM, Black, Michael wrote:
What I want is for 10.4.4 to see ALL non-10.4.4 traffic (like a
honeypot).
Seems like a reasonable request to say "not net 10.4.4"
If by "10.4.4 traffic" you mean "traffic from an address on the
10.4.4 network to an address on the 10.4.4 ne
a
Sent: Monday, August 08, 2005 1:01 PM
To: tcpdump-workers@lists.tcpdump.org
Subject: Re: [tcpdump-workers] not net problem
Black, Michael wrote:
> For example, I've got two networks linked:
>
> 10.4.4 mask 255.255.255.0
> 10.1.1 mask 255.255.255.0
>
> I want to monitor
Black, Michael wrote:
> For example, I've got two networks linked:
>
> 10.4.4 mask 255.255.255.0
> 10.1.1 mask 255.255.255.0
>
> I want to monitor each network for traffic from the other so tried this
> on 10.4.4:
>
> tcdump not net 10.4.4
>
> But when I do this it drops traffic from 10.1.1 als
I'm trying to set up some monitoring for a 10.X.X network.
For example, I've got two networks linked:
10.4.4 mask 255.255.255.0
10.1.1 mask 255.255.255.0
I want to monitor each network for traffic from the other so tried this
on 10.4.4:
tcdump not net 10.4.4
But when I do this it drops traffic
