tony.chamberlain@xxxxxxxxx wrote:
I want to look at all the traffic coming to my web browser (192.168.5.191) (tomcat on port 80) using tcpdump. If I say tcpdump port 80 that will get 80 coming and going. Also if I say tcpdump dst port 80 I will still get any traffic I have to other web sites. I thought tcpdump (dst port 80) and (dst host 192.168.5.191) would work but that does not seem to get anything. I went to 192.168.5.191/~chamberl from another machine, got my web page but nothing in the tcp dump.
I'm assuming you're running tcpdump on machine A. You want to see traffic between machine B and machine C. If machines A and B are
plugged into a network _switch_, the switch routes traffic to/from B's port only--it never appears at A's port so tcpdump can't see it. That's what switches do. If you DO want to eavesdrop on other machines, you must use a network _hub_, NOT a switch, or force your switch to go into hub mode or have it put A's port on the same VLAN as B's port. Big switches can do that...the cheap ones can't.
What is the correct way to do this (all incoming to my web browser)? Theoretically besdies 192.168.5.191 I would also like 127.0.0.1
-- ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer rps2@xxxxxxxx - - Hosting Consulting, Inc. - - - - Change is inevitable, except from a vending machine. - ---------------------------------------------------------------------- -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
