Hi, could you please explain the difference between how the two commands below work?

tcpdump -w xpackets2.pcap -i eth0 src host-name
tcpdump -w xpackets2.pcap -i eth0 dst host-name

Thanks in advance.

asked 24 Dec '13, 01:23 Manivas
One Answer:
Using a capture filter of 'src host-name' limits the captured packets to those originating from host-name. Similarly, 'dst host-name' limits the captured packets to those going to host-name. To capture both types of packets you need to use a filter of 'host host-name'.

answered 24 Dec '13, 12:19 grahamb ♦

Hi, thanks. You are suggesting that, to capture packets sent to a particular IP address and received from that same IP address on a Linux machine, we need to use a command like the one below:

"tcpdump -w xpackets2.pcap -i eth0 host host-name"

(26 Dec '13, 05:38) Manivas

Sure, replacing the "host-name" part with the IP address of interest. See the first example on the Wireshark Capture Filters Wiki page.

(26 Dec '13, 06:39) grahamb ♦
I telnet to a particular IP address from PuTTY and execute some commands on it. I need to capture the packets both for the commands sent from PuTTY to that IP address and for the responses to those commands coming back from the same IP address.

So could you please suggest the tcpdump commands that would work for this?

Thanks in advance.
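The following is an added example, not part of the thread above, to make the difference between the three filters concrete. It builds a small constructed pcap file in the same format `tcpdump -w` writes (Ethernet/IPv4/TCP, classic libpcap header), then counts packets the way the capture filters `src host`, `dst host`, `host` and `host ... and tcp port 23` would select them. The addresses (192.0.2.10 for the PuTTY side, 198.51.100.20 for the telnet server, 203.0.113.5 for unrelated traffic) and the packet contents are assumptions chosen for the example; none of them come from the original posts.

```python
import struct

# Constructed addresses (RFC 5737 documentation ranges); assumptions for this example only.
PUTTY_HOST = "192.0.2.10"      # the Linux box running PuTTY
TELNET_HOST = "198.51.100.20"  # the "particular IP address" being telnetted to
OTHER_HOST = "203.0.113.5"     # unrelated traffic that the filter should exclude


def ip_bytes(addr):
    return bytes(int(o) for o in addr.split("."))


def build_tcp_frame(src, dst, sport, dport, payload=b""):
    """Ethernet II + IPv4 + TCP frame with minimal headers (checksums left at zero)."""
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0, 64, 6, 0,
                     ip_bytes(src), ip_bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Classic libpcap file: 24-byte global header (linktype 1 = Ethernet) plus records."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def read_pcap(data):
    """Yield raw frames from classic little-endian pcap bytes, as tcpdump -w writes them."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def parse_frame(frame):
    """Return src/dst IPv4 addresses, IP protocol and TCP ports, or None if not IPv4."""
    if frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    sport = dport = None
    if proto == 6:
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport}


# Predicates mirroring the tcpdump capture-filter primitives discussed in the answer.
def src_host(h): return lambda p: p["src"] == h
def dst_host(h): return lambda p: p["dst"] == h
def host(h):     return lambda p: p["src"] == h or p["dst"] == h   # 'host' = src OR dst
def tcp_port(n): return lambda p: p["proto"] == 6 and n in (p["sport"], p["dport"])
def both(a, b):  return lambda p: a(p) and b(p)                    # the 'and' keyword


def count_matching(pcap_bytes, pred):
    n = 0
    for frame in read_pcap(pcap_bytes):
        pkt = parse_frame(frame)
        if pkt is not None and pred(pkt):
            n += 1
    return n


# Constructed capture: one telnet command and its reply, plus two unrelated flows.
SAMPLE_PCAP = build_pcap([
    build_tcp_frame(PUTTY_HOST, TELNET_HOST, 50000, 23, b"ls\r\n"),            # command out
    build_tcp_frame(TELNET_HOST, PUTTY_HOST, 23, 50000, b"file.txt\r\n"),      # response back
    build_tcp_frame(PUTTY_HOST, OTHER_HOST, 50001, 80, b"GET / HTTP/1.0\r\n"),  # noise
    build_tcp_frame(TELNET_HOST, OTHER_HOST, 44444, 443),                      # noise from server
])


def filter_counts(pcap_bytes=SAMPLE_PCAP, h=TELNET_HOST):
    """How many packets each capture-filter expression would have kept."""
    return {
        "src host": count_matching(pcap_bytes, src_host(h)),
        "dst host": count_matching(pcap_bytes, dst_host(h)),
        "host": count_matching(pcap_bytes, host(h)),
        "host and tcp port 23": count_matching(pcap_bytes, both(host(h), tcp_port(23))),
    }


if __name__ == "__main__":
    for expr, n in filter_counts().items():
        print(f"{expr:24s} -> {n} packet(s)")
```

Against the constructed capture, `src host` keeps only the two packets the server sent (one of them to an unrelated host), `dst host` keeps only the command going to it, and `host` keeps all three, which is why grahamb's `host` filter is the one that captures both directions. Adding `and tcp port 23` drops the server's unrelated flow and leaves exactly the telnet exchange. On the real Linux box the corresponding capture would be `tcpdump -n -i eth0 -w xpackets2.pcap 'host 198.51.100.20 and tcp port 23'` (with your own server address in place of the assumed one), and `tcpdump -n -r xpackets2.pcap` reads the file back so you can confirm both directions are present; `-n` keeps tcpdump from resolving addresses to names while you look at the output.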