'tcp' modifier applied to host

版本：2.6.9
tcpdump tcp port 23 host 200.201.202.15 不能使用，说是有语法错误误

[root@localhost ~]# tcpdump tcp host 200.201.202.15
tcpdump: 'tcp' modifier applied to host

对于tcp/udp协议只能监听端口号，而ip协议只能监听主机地址，tcp/udp位于传输层，
而ip协议位于网际层。

QUOTE:

#tcpdump tcp port 23

QUOTE:

UDP doesn't know about "hosts" - that's IP's responsibility. UDP only knows about ports. If you want to see all traffic to or from particular hosts, use "ip host node1 or node2 or node3". If you want to see all *UDP* traffic to and from particular hosts, use "(ip host node1 or node2 or node3) and udp". If you want to see all UDP traffic to and from particular hosts *on a particular UDP port*, use "(ip host node1 or node2 or node3) and udp port N". If you want, for example, UDP traffic to or from port 161, do "(ip host node1 or node2 or node3) and udp port 161" - but, in that case, you can probably say "udp port snmp" rather than "udp port 161". If you want traffic to or from two particular ports, use "(ip host node1 or node2 or node3) and (udp port port1 or port2)" - which can probably be "udp port snmp or udp port snmptrap" if you want ports 161 and 162.