Rick Stevens ricks at
Wed Jul 9 23:35:24 UTC 2008

tony.chamberlain at wrote:
> I want to look at all the traffic coming to my web browser (
> (tomcat on port 80) using tcpdump.
> If I say  tcpdump port 80
> that will get 80 coming and going.  Also if I say
> tcpdump dst port 80
> I will still get any traffic I have to other web sites.
> I thought  tcpdump (dst port 80) and (dst host
> would work but that does not seem to get anything.  I went to
>  from another machine, got my web page
> but nothing in the tcp dump.

I'm assuming you're running tcpdump on machine A.  You want to see 
traffic between machine B and machine C.  If machines A and B are
plugged into a network _switch_, the switch routes traffic to/from B's
port only--it never appears at A's port so tcpdump can't see it.  That's
what switches do.

If you DO want to eavesdrop on other machines, you must use a network
_hub_, NOT a switch, or force your switch to go into hub mode or have
it put A's port on the same VLAN as B's port.  Big switches can do
that...the cheap ones can't.

> What is the correct way to do this (all incoming to my web browser)?
> Theoretically besdies I would also like

- Rick Stevens, Systems Engineer                       rps2 at -
- Hosting Consulting, Inc.                                           -
-                                                                    -
-        Change is inevitable, except from a vending machine.        -

More information about the fedora-list mailing list