tcpdump command
Andy Green
andy at warmcat.com
Fri May 18 14:03:20 UTC 2007
Kaushal Shriyan wrote:
> Thanks Andy
>
> so running this command tcpdump -i eth0 -s 1500 -w dump host
> www.example.com will give me the network traffic between src host to
> destination host
> and destination host to src host
>
> is that correct what I understand?
What it will show you exactly is any packet that is coming from, or
going to www.example.com. If 192.168.0.2 is also talking to
www.example.com at that time, it will show those packets too.
As David Miller points out, you can tighten it using

    host 192.168.0.1 and host www.example.com

but normally in practice nobody else talks to the host you want, and if
they do contaminate your capture, only then do you bother to tighten the
capture criteria accordingly.
-Andy
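
The difference between the two filters in the reply above, as an added example that is not part of the original message: it builds a small constructed pcap in memory and applies the matching rules of `host X` and `host A and host B` to it. The address 203.0.113.10 standing in for www.example.com, the sample packets, and all function names are assumptions made for the illustration.

```python
import socket
import struct

def frame(src, dst):
    """Build a minimal Ethernet + IPv4 frame (constructed sample data, no payload)."""
    eth = b"\x00" * 12 + b"\x08\x00"          # dst MAC, src MAC, EtherType = IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip

def write_pcap(frames):
    """Serialize frames as classic little-endian pcap bytes (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def read_ip_pairs(pcap):
    """Yield (src, dst) for every IPv4 packet found in classic pcap bytes."""
    (magic,) = struct.unpack_from("<I", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24                                   # skip the global header
    while off + 16 <= len(pcap):
        _, _, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        pkt = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) >= 34 and pkt[12:14] == b"\x08\x00":
            yield socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])

def host(addr):
    """Same rule as the filter 'host addr': source OR destination matches."""
    return lambda pair: addr in pair

def both(p, q):
    """Same rule as joining two filter terms with 'and'."""
    return lambda pair: p(pair) and q(pair)

# Constructed traffic: .1 is the capturing machine, .2 is a neighbour,
# SERVER stands in for www.example.com (assumed address).
ME, OTHER, SERVER = "192.168.0.1", "192.168.0.2", "203.0.113.10"
CAPTURE = write_pcap([frame(ME, SERVER), frame(SERVER, ME),
                      frame(OTHER, SERVER), frame(SERVER, OTHER),
                      frame(ME, OTHER)])

def select(pred):
    return [pair for pair in read_ip_pairs(CAPTURE) if pred(pair)]

LOOSE = select(host(SERVER))                   # 'host www.example.com'
TIGHT = select(both(host(ME), host(SERVER)))   # 'host 192.168.0.1 and host www.example.com'
```

`LOOSE` keeps the neighbour's packets to and from the server, while `TIGHT` keeps only the conversation between 192.168.0.1 and the server.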