WINDUMP SYNTAX ASSISTANCE.....

["Jason Beauford" <Jbeauford () mill-max com>]

Forum,

I am looking for the Windump syntax to record only the packets that
involve a particular host and those hosts outside of our internal
network.  I've tried the "host hostname and not src net localnet, but I
am still missing half of the traffic as it only gives me ingress
traffic. I still need to record egress traffic.  So I try  host hostname
and not dst net localnet. This gives me only egress and not ingress.  If
I try without same syntax without the src or dst, I get no traffic. Can
anyone point me in the right direction with this? 

Thanks in advance.


Regards,

Jason M. Beauford.