tcpdump syntax for only capturing traffic coming to a specific virtual interface / local IP
Solution 1
Try this:
tcpdump -i any dst host your.ip.add.ress and port https
Use http instead of https if you want to capture port 80 instead of 443 - or just use the numbers directly if you like. (The http/https names are mapped to the port numbers via lookup in /etc/services.)
Solution 2
tcpdump -n -i <INTERFACE> host <IP>
That should do it. -n will not resolve names.
Solution 3
Try this:
tcpdump -i any dst host your.ip.add.ress and port 80
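An added example, not part of any answer above: a small shell helper that builds the capture filter for the question's case (HTTPS requests arriving at one local IP). It validates the address, resolves a service name the way the /etc/services note in Solution 1 describes, and goes one step beyond the answers by using `tcp dst port` so only packets sent to that port match. The function names, the `SERVICES_FILE` variable and the address 192.0.2.10 are assumptions made for this example.

```shell
#!/bin/sh
# Added example: build a tcpdump filter for traffic sent TO one local IP and port.
# SERVICES_FILE is a hypothetical override so the lookup can use another file.
SERVICES_FILE="${SERVICES_FILE:-/etc/services}"

# Numeric ports pass through after a range check; names are looked up as
# tcp services (name or alias), the mapping behind "port https".
resolve_port() {
    case "$1" in
        ''|*[!0-9]*)
            awk -v name="$1" '
                { sub(/#.*/, "") }              # drop trailing comments
                $2 ~ /\/tcp$/ {
                    for (i = 1; i <= NF; i++)
                        if (i != 2 && $i == name) {
                            split($2, p, "/"); print p[1]; found = 1; exit
                        }
                }
                END { exit (found ? 0 : 1) }' "$SERVICES_FILE" ;;
        *)
            [ "$1" -ge 1 ] && [ "$1" -le 65535 ] && echo "$1" ;;
    esac
}

# Accept only dotted-quad IPv4 with four octets in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the filter expression, or fail with a message on bad input.
build_filter() {
    is_ipv4 "$1" || { echo "bad IPv4 address: $1" >&2; return 1; }
    port=$(resolve_port "$2") || { echo "unknown port or service: $2" >&2; return 1; }
    echo "dst host $1 and tcp dst port $port"
}

# Usage (needs root; 192.0.2.10 is a constructed documentation address):
#   tcpdump -n -i any -w https-in.pcap "$(build_filter 192.0.2.10 https)"
```

Because the filter is passed as one quoted argument, a rejected address or unknown service stops the capture from starting instead of silently capturing everything.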
Author by
Mike B
Updated on September 17, 2022
Comments
-
Mike B over 1 year
CentOS 5.x
I need to collect a packet capture of https requests going to a specific IP address / virtual interface. Is there a specific switch/parameter for tcpdump that will allow that? The other IPs receive a lot of traffic so I'd prefer to not capture data pertaining to them and have to filter them out later...
-
pjz over 13 years
wrong port for https
-
wolfgangsz over 13 years
+1 for correcting my mistake.