Re: tcpdump command

Kaushal Shriyan wrote:
Thanks Andy

So running this command, tcpdump -i eth0 -s 1500 -w dump host www.example.com, will give me the network traffic
from src host to destination host and from destination host to src host.

Is that a correct understanding?

Thanks and Regards

Kaushal


On 5/18/07, *Andy Green* <andy@xxxxxxxxxxx> wrote:

    Kaushal Shriyan wrote:
    > Hi
    >
    > I have to capture network traffic between an appliance and content server
    > using tcpdump command and then dump to a file and read and decode it using
    > wireshark
    >
    > How do I proceed?
    >
    > I have used tcpdump -i eth0 -s 1500 -w dump src host 192.168.0.1 and dst
    > host www.example.com
    >
    > when I read the dump capture file using wireshark I could only see packets
    > being sent from src host to destination host, I could not see any packets
    > being sent from destination host to src host.

    You specified what you wanted too tightly... ONLY packets coming FROM
    ('src host') 192.168.0.1 and going TO ('dst host') www.example.com.

    Just using

    -i eth0 -s 1500 -w dump host www.example.com

    will get you what you want: see

    man tcpdump

    -Andy

    --
    fedora-list mailing list
    fedora-list@xxxxxxxxxx
    To unsubscribe:
    https://www.redhat.com/mailman/listinfo/fedora-list


As was pointed out, this will get you all traffic from or to
www.example.com with the other host in the IP packet unspecified.
If you really want to be particular, try:

tcpdump -i eth0 -s 1500 -w dump host 192.168.0.1 and host www.example.com


which, as you might guess from extrapolating the logic in the other examples
described, will give you all traffic where the source or destination is
192.168.0.1 AND the source or destination is www.example.com. This would give you all traffic
between the hosts in either direction. If you really analyze the logic, it will
also give you all traffic between www.example.com and itself, and likewise
all traffic between 192.168.0.1 and itself THAT APPEARS ON eth0.  But
there will be no such traffic (barring really bizarre configurations) because
such traffic will never appear on the external network.

Hope that helps
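As an added illustration that is not part of this thread, the following Python evaluator handles the subset of tcpdump filter syntax used above (`host`, `src host`, `dst host`, joined with `and`/`or`, with `and` binding tighter than `or` as in BPF) and runs the three filters from the thread over a constructed list of (src, dst) packet pairs, including a self-addressed packet so that edge case can be checked. Host names are kept as literal strings here rather than resolved to IP addresses as tcpdump would do.

```python
"""Minimal evaluator for the 'host' / 'src host' / 'dst host' subset of
tcpdump (BPF) filter syntax. This is an illustration only, not libpcap's
compiler; it exists to make the match sets of the thread's filters visible."""


def _primitive(tokens):
    """Build a predicate over (src, dst) from ['host', A], ['src', 'host', A]
    or ['dst', 'host', A]."""
    if tokens[0] in ("src", "dst"):
        if len(tokens) != 3 or tokens[1] != "host":
            raise ValueError("expected '<src|dst> host <addr>': %r" % (tokens,))
        direction, addr = tokens[0], tokens[2]
    elif tokens[0] == "host" and len(tokens) == 2:
        direction, addr = None, tokens[1]
    else:
        raise ValueError("unsupported primitive: %r" % (tokens,))

    def pred(src, dst):
        if direction == "src":
            return src == addr
        if direction == "dst":
            return dst == addr
        return addr in (src, dst)   # plain 'host' matches either direction

    return pred


def parse(expr):
    """Return a predicate for an expression such as
    'src host A and dst host B' or 'host A or host B'.
    'and' binds tighter than 'or', so the expression is split into
    or-separated groups of and-joined primitives."""
    normalized = " ".join(expr.split())
    groups = [[_primitive(p.split()) for p in clause.split(" and ")]
              for clause in normalized.split(" or ")]
    return lambda src, dst: any(all(p(src, dst) for p in g) for g in groups)


# Constructed sample traffic: (src, dst) pairs as seen on eth0.
APPLIANCE = "192.168.0.1"
SERVER = "www.example.com"
PACKETS = [
    (APPLIANCE, SERVER),       # request from the appliance
    (SERVER, APPLIANCE),       # reply from the content server
    ("10.0.0.7", SERVER),      # another client talking to the server
    (APPLIANCE, "10.0.0.9"),   # appliance talking to something else
    (SERVER, SERVER),          # self-addressed packet (edge case)
]


def matching(expr, packets=PACKETS):
    """Return the packets from `packets` that the filter `expr` would keep."""
    pred = parse(expr)
    return [p for p in packets if pred(*p)]
```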

