How to capture src and dst traffic (both directions) with tcpdump, with one command?
To monitor traffic in both directions between host_a and host_b you can use:
# tcpdump -nli eth6 host host_a and host_b
Author: Selahattin
Updated on September 18, 2022
Comments
-
Selahattin over 1 year
I am using RedHat (6.5) bonding and my active interface is eth5. Running the following command, I'm not able to see the traffic originated by my NIC IP address:
tcpdump -i eth5 src host actual_ip_address_of_external_client
I'm only able to see the source traffic too, via the command below (using wireshark):
tcpdump -i eth5 src host actual_ip_address_of_external_client -w /tmp/<outputfile>
What might be the problem?
-
Bratchley about 9 years
Not 100% but I believe tcpdump supports the or operator
-
Bratchley about 9 years
The question in this post includes an example of using the or operator.
-
Selahattin about 9 years
Thanks, could you please give me sample syntax regarding my situation? Or what else do you recommend instead of the tcpdump command? Please clarify.
-
Bratchley about 9 years
You should probably do something like
tcpdump -i eth5 host <currentHost> or host <destinationHost>
Just as an example:
tcpdump -i eth5 host 192.168.122.23 or 192.168.122.25
-
Admin about 9 years
So are you saying that, without -w /tmp/<outputfile>, tcpdump doesn't print traffic from the actual_ip_address_of_external_client, but if you add -w /tmp/<outputfile> to the command, making no change to the filter or the -i argument, and then read the file in Wireshark, you do see traffic from that address?
-
Selahattin about 9 years
@GuyHarris as you said, I am facing the same issue. Also I can see the external IP address of the host in Wireshark as the [source] from address. Otherwise, if an external host (say 118.168.141.172) made a connection, I would like to capture the traffic. OK?
-
Selahattin about 9 years
Thanks for the info, I solved my issue, e.g. tcpdump -ni s0 vlan and host_a and host_b and tcp port 80
-
Velu about 4 years
sudo tcpdump -s 65535 -i eth0 host 10.78.5.118 and host 41.212.409.114 -w ssl.pcap
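
Added example, not part of the original thread: a simplified shell/awk model of how the three filter forms that appear on this page (`src host A`, `host A and host B`, `host A or host B`) select packets, run over constructed source/destination pairs. The addresses, the sample packets and the `count_matches` helper are assumptions for illustration; this models the filter logic only and is not tcpdump itself.

```shell
#!/bin/sh
# Constructed addresses from the documentation range (not from the thread).
A=192.0.2.10   # stands in for host_a
B=192.0.2.20   # stands in for host_b
C=192.0.2.30   # unrelated host
D=192.0.2.40   # unrelated host

# Constructed sample traffic, one packet per line: "source destination".
PACKETS="$A $B
$B $A
$B $A
$A $C
$C $B
$C $D"

# count_matches MODE: number of sample packets the modelled filter accepts.
#   src -> "src host A"         packets sent by A only (one direction)
#   and -> "host A and host B"  the A<->B conversation, both directions
#   or  -> "host A or host B"   anything to or from A, or to or from B
count_matches() {
    printf '%s\n' "$PACKETS" | awk -v mode="$1" -v a="$A" -v b="$B" '
        # "host x" is true when x is the source or the destination.
        function host(x) { return ($1 == x || $2 == x) }
        mode == "src" && $1 == a               { n++ }
        mode == "and" && host(a) && host(b)    { n++ }
        mode == "or"  && (host(a) || host(b))  { n++ }
        END { print n + 0 }'
}

# Show how many of the six sample packets each filter form would keep.
for m in src and or; do
    echo "$m: $(count_matches "$m") of 6 packets"
done
```

The `and` row corresponds to the answer's `host host_a and host_b` form: only the conversation between the two hosts, in both directions, while the `or` form also keeps each host's traffic with third parties.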