How do I arrange to capture only packets of interest?
Hi, my PCAP files for 2 hours of sniffing are around 50GB.
I am using kali linux on a VM. I have ettercap doing ARP poisoning
RP poisoning victims:
GROUP 1 : 192.168.1.1 08:55:31:36:74:75
GROUP 2 : 192.168.1.14 B0:35:B5:D7:FC:D7
what should the file size be? how to fix the issue?
thanks a lot
A function of the number of packets captured and of the average size of the packets captured. :-)
On how many interfaces are you capturing, and how fast are those interfaces?
Frankly, 50GB in 2 hours is not that much if you are playing around. So the problem might be mainly your assumption. And I expect that the sort of thing you are doing will result in mch more traffic getting send to your client..
my intent was to capture just what goes on between 192.168.1.1 and 192.168.1.14 i don't need everything else captured on my network
but it seems like its capturing everything..
how do i make it capture just the traffic for 192.168.1.14 & 192.168.1.1 (the exchanges between them)