-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At some point hitherto, Ron Peterson hath spake thusly:
> First, let me say what I'd like to do.  I'd like to count the number of bytes
> in the data payload of IP packets by port number.  Not port name, just
> number.  So I thought I'd enlist the help of tcpdump.

[SNIP]

> For testing, I have two machines on a hub.  I want to use tcpdump on one
> machine to monitor everything happening on the other.  Is this possible?

Absolutely.  However it's not possible to do on switched networks (at
least not with tcpdump, or without mirroring ports on the switch).  But so long as you're on a shared subnet,
you can tell tcpdump what host you want to pay attention to with the
'host' qualifier.  For example, change your tcpdump command to
something like

  # tcpdump -b ip -c 64 -n -nn host <host_to_monitor>


- -- 
Derek Martin               ddm@pizzashack.org    
- ---------------------------------------------
I prefer mail encrypted with PGP/GPG!
GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
Learn more about it at http://www.gnupg.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8fT8DdjdlQoHP510RArf2AJ0aWPD5K38dzx6tlaIXz+cGXnDvKgCgnM8x
mqWwbBM7UHAKQe3j4tRR5T4=
=0+ur
-----END PGP SIGNATURE-----