tcpdump command

David G. Miller dave at davenjudy.org
Fri May 18 13:48:53 UTC 2007


"Kaushal Shriyan" <kaushalshriyan at gmail.com> wrote:

> I have to capture network traffic between an appliance and content server
> using tcpdump command and then dump to a file and read and decode it using
> wireshark
>
> How do I proceed?
>
> I have used tcpdump -i eth0 -s 1500 -w dump src host 192.168.0.1 and dst
> host www.example.com
>
> When I read the dump capture file using Wireshark, I could only see packets
> being sent from the src host to the destination host; I could not see any packets
> being sent from the destination host to the src host.
>
> Please let me know what I am doing wrong.
Try -s0. Also, you specified "src host" and "dst host", so you only see
packets *from* the source *to* the destination.  Try leaving off "src"
and "dst".  You should then see all packets between the two
systems, since only those packets will have both hosts.

Cheers,
Dave

-- 
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
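Added example (not part of the original thread): a small Python model of the two points Dave makes. It parses the subset of tcpdump filter syntax used above ("host", "src host", "dst host", "and"), applies it to a constructed set of packets to show that "src host A and dst host B" is one-directional while "host A and host B" keeps both directions, and writes a minimal libpcap file so the effect of the snaplen ("-s 1500" vs "-s 0") on a full-size 1514-byte Ethernet frame can be seen. It emulates BPF semantics in Python rather than invoking tcpdump, and 203.0.113.10 is an assumed address standing in for www.example.com.

```python
import os
import socket
import struct
import tempfile

# Constructed sample traffic as (src_ip, dst_ip, on-wire frame length).
APPLIANCE = "192.168.0.1"   # the "src host" from the post
SERVER = "203.0.113.10"     # assumed stand-in address for www.example.com
SAMPLE_PACKETS = [
    (APPLIANCE, SERVER, 74),       # SYN from the appliance
    (SERVER, APPLIANCE, 74),       # SYN/ACK from the content server
    (APPLIANCE, SERVER, 66),       # ACK
    (SERVER, APPLIANCE, 1514),     # full-size Ethernet frame of response data
    ("192.168.0.7", SERVER, 120),  # unrelated client of the same server
]

ORIGINAL_FILTER = "src host %s and dst host %s" % (APPLIANCE, SERVER)
CORRECTED_FILTER = "host %s and host %s" % (APPLIANCE, SERVER)


def parse_filter(expr):
    """Parse the subset of tcpdump filter syntax used in the thread:
    'host X', 'src host X', 'dst host X', joined by 'and'."""
    preds = []
    for term in expr.split(" and "):
        words = term.split()
        if words[:2] == ["src", "host"]:
            preds.append(("src", words[2]))
        elif words[:2] == ["dst", "host"]:
            preds.append(("dst", words[2]))
        elif words[:1] == ["host"]:
            preds.append(("any", words[1]))   # plain 'host' matches either end
        else:
            raise ValueError("unsupported primitive: " + term)
    return preds


def _match(preds, src, dst):
    return all((kind == "src" and src == ip)
               or (kind == "dst" and dst == ip)
               or (kind == "any" and ip in (src, dst))
               for kind, ip in preds)


def apply_filter(expr, packets):
    """Return the packets the filter would keep (same semantics as BPF)."""
    preds = parse_filter(expr)
    return [p for p in packets if _match(preds, p[0], p[1])]


def build_frame(src_ip, dst_ip, total_len):
    """Constructed Ethernet II + IPv4/TCP frame of total_len bytes.  The TCP
    part is zero-filled and the IP checksum is left zero; Wireshark still
    decodes the addresses, which is all this example needs."""
    assert total_len >= 34
    ip_len = total_len - 14
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0x4000, 64, 6, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip_hdr + b"\x00" * (ip_len - 20)


def write_pcap(path, packets, snaplen):
    """Write a libpcap file the way 'tcpdump -s <snaplen> -w <path>' would:
    each record stores min(frame length, snaplen) bytes but remembers the
    real on-wire length.  snaplen 0 means 'no limit' (tcpdump maps -s 0 to
    its maximum, 262144 in current versions)."""
    snap_field = snaplen if snaplen else 262144
    with open(path, "wb") as f:
        # magic, major, minor, thiszone, sigfigs, snaplen, linktype (1 = Ethernet)
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snap_field, 1))
        for i, (src, dst, wire_len) in enumerate(packets):
            frame = build_frame(src, dst, wire_len)
            caplen = len(frame) if snaplen == 0 else min(len(frame), snaplen)
            f.write(struct.pack("<IIII", 1179495000 + i, 0, caplen, len(frame)))
            f.write(frame[:caplen])


def read_pcap(path):
    """Return [(caplen, wire_len, src_ip, dst_ip)] from a file written above."""
    records = []
    with open(path, "rb") as f:
        assert struct.unpack("<I", f.read(24)[:4])[0] == 0xA1B2C3D4
        while True:
            rec = f.read(16)
            if len(rec) < 16:
                break
            _, _, caplen, wire_len = struct.unpack("<IIII", rec)
            data = f.read(caplen)
            records.append((caplen, wire_len,
                            socket.inet_ntoa(data[26:30]),   # IPv4 src at eth+12
                            socket.inet_ntoa(data[30:34])))  # IPv4 dst at eth+16
    return records


def roundtrip(snaplen):
    """Write the sample packets with the given snaplen and read them back."""
    fd, path = tempfile.mkstemp(suffix=".pcap")
    os.close(fd)
    try:
        write_pcap(path, SAMPLE_PACKETS, snaplen)
        return read_pcap(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    for label, expr in (("original", ORIGINAL_FILTER), ("corrected", CORRECTED_FILTER)):
        kept = apply_filter(expr, SAMPLE_PACKETS)
        print("%-9s %-60s keeps %d of %d" % (label, expr, len(kept), len(SAMPLE_PACKETS)))
    for snaplen in (1500, 0):
        print("-s %d:" % snaplen, [(c, w) for c, w, _, _ in roundtrip(snaplen)])
```

With the sample traffic the original filter keeps only the two appliance-to-server packets, the corrected one keeps all four packets of the conversation and drops the unrelated client. With snaplen 1500 the 1514-byte frame is stored as 1500 captured of 1514 on-wire bytes (Wireshark marks such packets as truncated); with snaplen 0 the captured and on-wire lengths agree. The equivalent real command, assuming the same interface as the post, is tcpdump -i eth0 -s 0 -w dump.pcap host 192.168.0.1 and host www.example.com; note that a hostname in a filter is resolved once when the filter is compiled, so a server whose address changes mid-capture will not be matched.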