On Fri, Jan 14, 2011 at 08:21:23AM -0500, Kwan Lowe wrote:
On Fri, Jan 14, 2011 at 5:28 AM, Giles Coochey giles@coochey.net wrote:
How can I dump every packet received by filter?
I use the following command to make packet captures:
tcpdump -i eth0 -s 0 -w capture.cap
It creates a file capture.cap that can be read by a packet analyzer - e.g. wireshark.
I often run a variation of the above in a screen session then disconnect. There's probably an easier way, but I do so I don't see my own traffic.
You can use 'not' with port or host specifications to not log matching traffic. For example:
`tcpdump -i eth0 -s 0 -w capture.cap not port 22` will drop all SSH traffic from the pcap
`tcpdump -i eth0 -s 0 -w capture.cap not host <ip>` will drop all traffic to/from <ip> from the pcap
Joe
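An added example, not part of the original thread: `not port 22` removes every SSH connection from the capture, so this sketch builds a filter that excludes only the session the capture is started from. It assumes a login through sshd, which sets `SSH_CONNECTION`; the function names `own_ssh_filter` and `capture_without_own_ssh` are hypothetical.

```shell
#!/bin/sh
# sshd exports SSH_CONNECTION as:
#   "<client ip> <client port> <server ip> <server port>"

# Print a BPF expression that excludes only that one TCP connection.
# Prints an empty line when there is no SSH session (nothing to exclude).
# An optional first argument overrides SSH_CONNECTION (used for testing).
own_ssh_filter() {
    conn=${1-${SSH_CONNECTION-}}
    [ -n "$conn" ] || { echo; return 0; }

    read -r cip cport sip sport extra <<EOF
$conn
EOF
    # Exactly four fields are expected.
    if [ -z "$sport" ] || [ -n "$extra" ]; then
        echo "unexpected SSH_CONNECTION value: $conn" >&2
        return 1
    fi
    # Only address and port characters may reach the filter expression.
    case $cip$sip in *[!0-9A-Fa-f:.]*)
        echo "unexpected address in: $conn" >&2; return 1 ;;
    esac
    case $cport$sport in *[!0-9]*)
        echo "unexpected port in: $conn" >&2; return 1 ;;
    esac

    printf 'not (host %s and host %s and tcp port %s and tcp port %s)\n' \
        "$cip" "$sip" "$cport" "$sport"
}

# Usage: capture_without_own_ssh eth0 capture.cap   (needs capture privileges)
capture_without_own_ssh() {
    filter=$(own_ssh_filter) || return 1
    if [ -n "$filter" ]; then
        tcpdump -i "$1" -s 0 -w "$2" "$filter"
    else
        tcpdump -i "$1" -s 0 -w "$2"
    fi
}
```

Other SSH connections to or from the host stay in the pcap, which matters when SSH itself is what is being investigated.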