How to capture src and dst traffic (both directions) with tcpdump, with one command?


To monitor traffic in both directions between host_a and host_b you can use:

# tcpdump -nli eth6 host host_a and host_b


Author: Selahattin

Updated on September 18, 2022

Comments

  • Selahattin
    Selahattin over 1 year

    I am using RedHat (6.5) bonding and my active interface is eth5.

    Running the following command, I'm not able to see the traffic originated by my NIC IP address:

    tcpdump -i eth5 src host actual_ip_address_of_external_client

    I'm only able to see the source traffic too, via the command below (using wireshark):

    tcpdump -i eth5 src host actual_ip_address_of_external_client -w /tmp/<outputfile>

    What might be the problem?

    • Bratchley
      Bratchley about 9 years
      Not 100% sure, but I believe tcpdump supports the or operator.
    • Bratchley
      Bratchley about 9 years
      The question in this post includes an example of using the or operator.
    • Selahattin
      Selahattin about 9 years
      Thanks. Could you please give me sample syntax for my situation? Or what else would you recommend instead of the tcpdump command? Please clarify.
    • Bratchley
      Bratchley about 9 years
      You should probably do something like tcpdump -i eth5 host <currentHost> or host <destinationHost>. Just as an example: tcpdump -i eth5 host 192.168.122.23 or 192.168.122.25.
    • Admin
      Admin about 9 years
      So are you saying that, without -w /tmp/<outputfile>, tcpdump doesn't print traffic from the actual_ip_address_of_external_client, but if you add -w /tmp/<outputfile> to the command, making no change to the filter or the -i argument, and then read the file in Wireshark, you do see traffic from that address?
    • Selahattin
      Selahattin about 9 years
      @GuyHarris As you said, I am facing the same issue. Also, I can see the external IP address of the host in Wireshark as the [source] from address. Otherwise, if an external host (say 118.168.141.172) made a connection, I would like to capture the traffic. OK?
  • Selahattin
    Selahattin about 9 years
    Thanks for the info. I solved my issue, e.g. tcpdump -ni s0 vlan and host_a and host_b and tcp 80
  • Velu
    Velu about 4 years
    sudo tcpdump -s 65535 -i eth0 host 10.78.5.118 and host 41.212.409.114 -w ssl.pcap
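
An added example, not code from the original post or from tcpdump itself, that ties together the answer's bidirectional host filter, the port narrowing discussed in the comments and the -w/-s capture options: it builds the expression, test-compiles it with tcpdump -r/-d against an empty pcap (so no interface is opened and no root is needed), and only then starts the live capture. The interface, hosts and output path are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a tcpdump filter that
# captures BOTH directions between two hosts (optionally one TCP port) and
# checks that the expression compiles before it is used on a live interface.

# bidir_filter HOST_A HOST_B [TCP_PORT] -> prints the filter expression.
# "host X" matches X as source OR destination, so "host A and host B"
# covers A->B and B->A, unlike "src host A", which sees only one direction.
bidir_filter() {
    f="host $1 and host $2"
    # Port narrowing uses the "port" qualifier ("tcp port 80", not "tcp 80").
    if [ -n "$3" ]; then
        f="$f and tcp port $3"
    fi
    printf '%s\n' "$f"
}

# filter_compiles EXPR -> 0 if tcpdump accepts EXPR, 1 if it rejects it,
# 2 if tcpdump is not installed. It compiles against an empty pcap file
# (Ethernet link type) via -r/-d, so no interface is opened and no
# capture privilege is needed.
filter_compiles() {
    command -v tcpdump >/dev/null 2>&1 || return 2
    tmp=$(mktemp) || return 2
    # pcap global header: magic, version 2.4, tz 0, sigfigs 0, snaplen 65535, DLT 1
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000' > "$tmp"
    tcpdump -r "$tmp" -d "$1" >/dev/null 2>&1
    rc=$?
    rm -f "$tmp"
    return $rc
}

# capture_both IFACE HOST_A HOST_B OUTFILE [TCP_PORT]
# -n: no DNS lookups (no resolver queries for the addresses being watched);
# -s 0: whole packets instead of a truncated snaplen; -w: write a pcap
# that can be opened in Wireshark later. Needs capture privilege (root).
capture_both() {
    f=$(bidir_filter "$2" "$3" "$5")
    if ! filter_compiles "$f"; then
        echo "filter not accepted (or tcpdump missing): $f" >&2
        return 1
    fi
    tcpdump -n -s 0 -i "$1" -w "$4" "$f"
}
```

Usage: capture_both eth5 10.0.0.1 10.0.0.2 /tmp/both.pcap 80 (placeholder values).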