- 01-28-2011 #1 Just Joined!
- Join Date
- Jan 2011
- Location
- CT
- Posts
- 5
tcpdump filtering remote interface
Hi All,
I'm trying to capture traffic between two machines, A and B. I would like to make sure that the traffic I capture with tcpdump is between eth1 on the local machine and eth0 on the remote machine. As I understand it, the -i flag specifies the local machine interface - but how to set the remote one?
Thanks
Elisha
- 01-28-2011 #2
Not possible.
But if you don't trust your routing or the traffic that you receive on one side, then you can run a second tcpdump locally on that remote machine.

You must always face the curtain with a bow.
- 01-28-2011 #3 Linux Guru
- Join Date
- Nov 2007
- Posts
- 1,695
Google: tcpdump examples
You cannot filter on one machine by the device name on another machine (how would the local machine know what device name is on another system?) But you can filter tcpdump by the remote IP address.
Code:
# host // look for traffic based on IP address (also works with hostname if you're not using -n)
# tcpdump host 1.2.3.4
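An added illustration, not part of the original thread: this Python sketch parses a constructed Ethernet/IPv4 frame to list the addressing fields a capture filter can match on, and emulates the `host` primitive shown in post #3. The MAC addresses, the 192.0.2.x addresses and the function names are made up for the example; 1.2.3.4 is the address used in the post above.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800

def build_frame(src_mac, dst_mac, src_ip, dst_ip):
    """Constructed sample: Ethernet II header plus a bare 20-byte IPv4 header."""
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", ETHERTYPE_IPV4))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip

def parse_frame(frame):
    """Return the addressing fields of an Ethernet/IPv4 frame, or None."""
    if len(frame) < 34:
        return None  # too short for Ethernet (14) + minimal IPv4 (20)
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        return None  # this sketch handles IPv4 only
    src_ip, dst_ip = struct.unpack("!4s4s", frame[26:34])
    return {
        "src_mac": src_mac.hex(":"),
        "dst_mac": dst_mac.hex(":"),
        "src_ip": socket.inet_ntoa(src_ip),
        "dst_ip": socket.inet_ntoa(dst_ip),
    }

def matches_host(frame, ip):
    """Emulate the `host <ip>` filter: match on source or destination IP."""
    fields = parse_frame(frame)
    return fields is not None and ip in (fields["src_ip"], fields["dst_ip"])

# Constructed frames: machine A (192.0.2.10) talking to the remote 1.2.3.4
# and to an unrelated host. MACs are locally administered, made-up values.
TO_REMOTE = build_frame("02:00:00:00:00:0a", "02:00:00:00:00:0b", "192.0.2.10", "1.2.3.4")
TO_OTHER = build_frame("02:00:00:00:00:0a", "02:00:00:00:00:0c", "192.0.2.10", "192.0.2.99")

if __name__ == "__main__":
    # Only MAC and IP addresses appear; no interface name such as eth0 does.
    print(parse_frame(TO_REMOTE))
    for name, frame in (("TO_REMOTE", TO_REMOTE), ("TO_OTHER", TO_OTHER)):
        print(name, "matches host 1.2.3.4:", matches_host(frame, "1.2.3.4"))
```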
- 01-28-2011 #4 Just Joined!
- Join Date
- Jan 2011
- Location
- CT
- Posts
- 5
of course!
Thanks. I should have known it was impossible. Don't know why I thought the hardware info was encoded in the packets.