Monday, January 12, 2009

The role of the "gateway" option of tcpdump

The 'gateway host' primitive in tcpdump matches packets that were forwarded through host: the Ethernet source or destination address is host, but neither the IP source nor the IP destination is host. In other words it selects traffic relayed by that machine, not traffic addressed to it. host must be given as a name, and that name has to resolve both to an IP address (hosts file, DNS, NIS) and to an Ethernet address (/etc/ethers); if the MAC lookup fails, tcpdump rejects the expression. The same test can be written explicitly as 'ether host ehost and not host host', which also accepts numeric addresses. The man page notes that the gateway syntax does not work in IPv6-enabled configurations.

This makes it a convenient way to watch specific TCP/IP applications at a chokepoint such as a router or firewall. For example, to print all FTP traffic passing through the gateway snup (the expression is quoted so the shell does not interpret the parentheses):
#tcpdump 'gateway snup and (port ftp or ftp-data)'

To print IP packets longer than 576 bytes sent through gateway snup:
#tcpdump 'gateway snup and ip[2:2] > 576'

Here ip[2:2] is the two-byte total length field at offset 2 of the IPv4 header (header plus payload), and 576 bytes is the minimum datagram size every host must be able to reassemble according to RFC 791, so this filter picks out datagrams larger than that guaranteed minimum.
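To make the semantics concrete, the following added example (written for this post, not tcpdump's own code) re-implements the 'gateway' and 'ip[2:2] > 576' tests in Python over raw Ethernet/IPv4 frames. The frames, the MAC addresses and the TEST-NET IP addresses are constructed inline; 'snup' stands in for the hypothetical gateway. It shows why a frame addressed to the gateway itself does not match 'gateway snup' while a frame relayed through it does.

```python
"""Re-implementation of tcpdump's 'gateway host' and 'ip[2:2] > n' tests.

Added example: it mirrors the man page definition
'gateway host' == 'ether host <mac> and not host <ip>'.
"""
import socket
import struct

ETH_HLEN = 14
ETHERTYPE_IPV4 = 0x0800


def mac(s):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(s.replace(":", ""))


def ip4(s):
    """'192.0.2.1' -> 4 raw bytes in network order."""
    return socket.inet_aton(s)


def build_frame(eth_src, eth_dst, ip_src, ip_dst, payload_len):
    """Constructed Ethernet II + minimal IPv4 header (proto TCP, checksum left 0) for the demo."""
    total_len = 20 + payload_len
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0, ip_src, ip_dst)
    eth_hdr = eth_dst + eth_src + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + bytes(payload_len)


def parse_ipv4(frame):
    """Return (eth_dst, eth_src, ip_src, ip_dst, ip_total_len), or None for non-IPv4/short frames."""
    if len(frame) < ETH_HLEN + 20:
        return None
    eth_dst, eth_src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HLEN:]
    (total_len,) = struct.unpack("!H", ip[2:4])  # the field tcpdump addresses as ip[2:2]
    return eth_dst, eth_src, ip[12:16], ip[16:20], total_len


def gateway(frame, host_mac, host_ip):
    """tcpdump 'gateway host': link-layer src or dst is host, but neither IP endpoint is host."""
    p = parse_ipv4(frame)
    if p is None:
        return False
    eth_dst, eth_src, ip_src, ip_dst, _ = p
    return host_mac in (eth_src, eth_dst) and host_ip not in (ip_src, ip_dst)


def ip_len_gt(frame, n):
    """tcpdump 'ip[2:2] > n': IPv4 total length (header + payload) greater than n bytes."""
    p = parse_ipv4(frame)
    return p is not None and p[4] > n


# Constructed addresses (RFC 5737 TEST-NET ranges, locally administered MACs); 'snup' is hypothetical.
SNUP_MAC, SNUP_IP = mac("02:00:00:00:00:01"), ip4("192.0.2.1")
CLIENT_MAC, CLIENT_IP = mac("02:00:00:00:00:02"), ip4("192.0.2.10")
PEER_MAC, PEER_IP = mac("02:00:00:00:00:03"), ip4("192.0.2.11")
REMOTE_IP = ip4("198.51.100.5")

# Client -> remote host, forwarded by snup: snup is the Ethernet destination but not an IP endpoint.
RELAYED = build_frame(CLIENT_MAC, SNUP_MAC, CLIENT_IP, REMOTE_IP, payload_len=600)
# Client -> snup itself (e.g. ssh to the router): snup is an IP endpoint, so 'gateway snup' is false.
TO_SNUP = build_frame(CLIENT_MAC, SNUP_MAC, CLIENT_IP, SNUP_IP, payload_len=100)
# Two LAN hosts talking directly: snup's MAC never appears on the frame.
LOCAL = build_frame(CLIENT_MAC, PEER_MAC, CLIENT_IP, PEER_IP, payload_len=600)


def matches_long_via_snup(frame):
    """Equivalent of the filter 'gateway snup and ip[2:2] > 576'."""
    return gateway(frame, SNUP_MAC, SNUP_IP) and ip_len_gt(frame, 576)


if __name__ == "__main__":
    for name, f in (("relayed", RELAYED), ("to_snup", TO_SNUP), ("local", LOCAL)):
        print(name, gateway(f, SNUP_MAC, SNUP_IP), matches_long_via_snup(f))
```

Only the relayed frame satisfies both tests: the frame sent to snup's own IP address fails the 'not host' half of the gateway test, and the host-to-host frame never carries snup's MAC at all. Real tcpdump does this comparison in the kernel BPF filter after resolving the name to a MAC and an IP at compile time, which is why the name must be resolvable both ways.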
