tcpdump command
Andy Green
andy at warmcat.com
Fri May 18 13:29:10 UTC 2007
Kaushal Shriyan wrote:
> Hi
>
> I have to capture network traffic between an appliance and content server
> using tcpdump command and then dump to a file and read and decode it using
> wireshark
>
> How do i proceed
>
> I have used tcpdump -i eth0 -s 1500 -w dump src host 192.168.0.1 and dst
> host www.example.com
>
> when i read the dump capture file using wireshark i could only see packets
> being sent from src host to destination host, I could not see any packets
> being sent from destination host to src host.
You specified what you wanted too tightly... ONLY packets coming FROM
('src host') 192.168.0.1 and going TO ('dst host') www.example.com.
Just using
-i eth0 -s 1500 -w dump host www.example.com
will get you what you want: see
man tcpdump
-Andy
More information about the fedora-list
mailing list