Re: tcpdump command

"Kaushal Shriyan" <kaushalshriyan@xxxxxxxxx> wrote:

I have to capture network traffic between an appliance and content server
using tcpdump command and then dump to a file and read and decode it using
Wireshark.

How do I proceed?

I have used tcpdump -i eth0 -s 1500 -w dump src host 192.168.0.1 and dst
host www.example.com

When I read the dump capture file using Wireshark, I could only see packets
being sent from src host to destination host. I could not see any packets
being sent from destination host to src host.

Please let me know what I am doing wrong.

Try -s0 and you specified "src host" and "dest host" so you only see packets *from* the source *to* the destination. Try leaving off "src" and "dest". You should then only see all packets between the two systems since only those packets will have both hosts.

Cheers,
Dave

--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
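
The effect described in the reply, shown on a constructed capture (an added example, not part of the original thread): the script writes a small classic-pcap buffer with traffic in both directions and applies the matching rules of the two filter expressions. The address 203.0.113.10 standing in for www.example.com, the third host and all function names are assumptions.

```python
import socket
import struct

# Constructed addresses: SERVER stands in for www.example.com, OTHER is unrelated traffic.
APPLIANCE, SERVER, OTHER = "192.168.0.1", "203.0.113.10", "192.168.0.7"

def frame(src, dst):
    """Constructed Ethernet + IPv4 header (no payload, checksum left at 0)."""
    eth = b"\x00" * 12 + b"\x08\x00"          # zeroed MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip

def write_pcap(frames):
    """Classic pcap: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def read_pcap(data):
    """Yield (src, dst) IPv4 addresses for every Ethernet/IPv4 record."""
    off = 24
    while off < len(data):
        _, _, caplen, _ = struct.unpack_from("<IIII", data, off)
        pkt = data[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if pkt[12:14] == b"\x08\x00":
            yield socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])

def directional(src, dst):
    """Semantics of: src host APPLIANCE and dst host SERVER"""
    return src == APPLIANCE and dst == SERVER

def bidirectional(src, dst):
    """Semantics of: host APPLIANCE and host SERVER"""
    return APPLIANCE in (src, dst) and SERVER in (src, dst)

def count(pred, data):
    return sum(1 for s, d in read_pcap(data) if pred(s, d))

# Two requests, two replies, and one packet from an unrelated host.
CAPTURE = write_pcap([frame(APPLIANCE, SERVER), frame(SERVER, APPLIANCE),
                      frame(APPLIANCE, SERVER), frame(OTHER, SERVER),
                      frame(SERVER, APPLIANCE)])

if __name__ == "__main__":
    print("src host / dst host:", count(directional, CAPTURE))
    print("host / host:", count(bidirectional, CAPTURE))
```

The directional rule keeps only the appliance-to-server packets, while the `host ... and host ...` rule keeps both directions and still excludes the unrelated host.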

