Kaushal Shriyan wrote: > Thanks Andy > > so running this command tcpdump -i eth0 -s 1500 -w dump host > www.example.comwill give me the network traffic between src host to > destination host > and destination host to src host > > is that correct what i understand What it will show you exactly is any packet that is coming from, or going to www.example.com. If 192.168.0.2 is also talking to www.example.com at that time, it will show those packets too. As David Miller points out you can tighten it using host 192.168.0.1 and host www.example.com but normally in practice nobody else talks to the host you want, and if they do contaminate your capture, only then do you bother to tighten the capture criteria accordingly. -Andy
