17

I have to capture all the UDP packets sent from host A to any UDP port of host B. The following, if run on host B, doesn't work.

$ sudo tcpdump -i eth0 -SX udp src <hostA>
tcpdump: 'udp' modifier applied to host

What is the correct command line to achieve the same?

sherlock

1 Answer

20

I would use

sudo tcpdump -i eth0 -s 0 -w tcpdump.pcap host hostA and udp

to up the length to "a lot", write the data to a file and use host rather than src to capture the data in both directions. Essentially you are missing the word and between src and udp.

icarus
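The answer above captures with `host`, which matches both directions, while the question asks only for traffic sent from host A. The following added example (not part of the original question or answer) models which packets the filter expressions `host hostA and udp` and `src host hostA and udp` select, using constructed IPv4 packets. The addresses, port numbers and function names are assumptions made for illustration, and only IPv4 is modelled.

```python
import socket
import struct

HOST_A = "192.0.2.10"   # constructed address standing in for hostA
HOST_B = "192.0.2.20"   # constructed address standing in for host B
UDP, TCP = 17, 6        # IANA protocol numbers

def ipv4_packet(src, dst, proto, sport, dport):
    """Build a minimal IPv4 header plus 4 bytes of ports (checksum left 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + struct.pack("!HH", sport, dport)

def parse(packet):
    """Return (protocol, source, destination) from an IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a complete IPv4 header")
    return (packet[9], socket.inet_ntoa(packet[12:16]),
            socket.inet_ntoa(packet[16:20]))

def match_host_and_udp(packet, host):
    """Semantics of: host <host> and udp  (either direction)."""
    proto, src, dst = parse(packet)
    return proto == UDP and host in (src, dst)

def match_src_and_udp(packet, host):
    """Semantics of: src host <host> and udp  (one direction only)."""
    proto, src, _ = parse(packet)
    return proto == UDP and src == host

# Constructed sample traffic as seen on host B's interface.
SAMPLE = {
    "A->B udp": ipv4_packet(HOST_A, HOST_B, UDP, 40000, 514),
    "B->A udp": ipv4_packet(HOST_B, HOST_A, UDP, 514, 40000),
    "A->B tcp": ipv4_packet(HOST_A, HOST_B, TCP, 40001, 22),
    "C->B udp": ipv4_packet("192.0.2.30", HOST_B, UDP, 40002, 53),
}

def captured(matcher, host=HOST_A):
    """Names of the sample packets a given filter would keep."""
    return [name for name, pkt in SAMPLE.items() if matcher(pkt, host)]

if __name__ == "__main__":
    print("host A and udp     :", captured(match_host_and_udp))
    print("src host A and udp :", captured(match_src_and_udp))
```
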