[CentOS] tcpdump; how to dump all
Joe DiTommasso
jdito at dca.net
Fri Jan 14 14:52:45 UTC 2011
- Previous message: [CentOS] tcpdump; how to dump all
- Next message: [CentOS] Server reboots unexpectebly.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, Jan 14, 2011 at 08:21:23AM -0500, Kwan Lowe wrote:
> On Fri, Jan 14, 2011 at 5:28 AM, Giles Coochey <giles at coochey.net> wrote:
> >>How can I dump every packets received by filter ?
> >
> > I use the following command to make packet captures:
> >
> > tcpdump -i eth0 -s 0 -w capture.cap
> >
> > It creates a file capture.cap that can be read by a packet analyzer - e.g.
> > wireshark.
>
> I often run a variation of the above in a screen session then
> disconnect.. There's probably an easier way, but I do so I don't see
> my own traffic.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

You can use 'not' with port or host specifications to not log matching
traffic. For example:

`tcpdump -i eth0 -s 0 -w capture.cap not port 22` will drop all SSH traffic from the pcap

`tcpdump -i eth0 -s 0 -w capture.cap not host <ip>` will drop all traffic to/from <ip> from the pcap

Joe
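An added example, not part of the original thread: `not port 22` removes every SSH connection from the capture, which matters when the pcap is meant as evidence, so this sketch excludes only the session you are logged in through. It assumes the `SSH_CONNECTION` variable that OpenSSH's sshd sets for a login session ("client_ip client_port server_ip server_port"); the function names `own_session_filter` and `capture` are hypothetical.

```shell
#!/bin/sh
# Build a BPF filter that excludes only the current SSH session.

own_session_filter() {
    # Prints the filter on stdout. Returns 1 when not inside an SSH
    # session or when SSH_CONNECTION does not look as expected.
    [ -n "${SSH_CONNECTION:-}" ] || return 1
    read -r c_ip c_port s_ip s_port extra <<EOF
$SSH_CONNECTION
EOF
    [ -n "$s_port" ] && [ -z "$extra" ] || return 1
    # Strip an IPv6 zone suffix such as %eth0, which tcpdump's "host"
    # primitive does not take.
    c_ip=${c_ip%%\%*}
    # Accept only address and port characters before handing the
    # values to tcpdump.
    case "$c_ip" in ''|*[!0-9A-Fa-f.:]*) return 1 ;; esac
    case "$c_port$s_port" in ''|*[!0-9]*) return 1 ;; esac
    printf 'not (host %s and tcp port %s and tcp port %s)\n' \
        "$c_ip" "$c_port" "$s_port"
}

capture() {
    # $1 = interface, $2 = output file. Falls back to an unfiltered
    # capture when no SSH session is detected (e.g. on the console).
    if filter=$(own_session_filter); then
        tcpdump -i "$1" -s 0 -w "$2" "$filter"
    else
        tcpdump -i "$1" -s 0 -w "$2"
    fi
}

# Run the capture only when invoked as:
#   sh thisfile.sh capture eth0 capture.cap
if [ "${1:-}" = capture ]; then
    capture "$2" "$3"
fi
```

Other SSH sessions to the host, including ones from the same client address on a different source port, stay in the pcap.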