How do I arrange to capture only packets of interest?

asked 2021-05-06 07:00:09 +0000

updated 2021-05-07 05:38:19 +0000

Guy Harris

Hi, my PCAP files for 2 hours of sniffing are around 50GB.

I am using Kali Linux on a VM. I have ettercap doing ARP poisoning

ARP poisoning victims:

GROUP 1 : 08:55:31:36:74:75

GROUP 2 : B0:35:B5:D7:FC:D7

What should the file size be? How to fix the issue?

Thanks a lot

what should the file size be?

A function of the number of packets captured and of the average size of the packets captured. :-)

On how many interfaces are you capturing, and how fast are those interfaces?

Guy Harris ( 2021-05-06 07:36:01 +0000 )

Frankly, 50GB in 2 hours is not that much if you are playing around. So the problem might be mainly your assumption. And I expect that the sort of thing you are doing will result in much more traffic getting sent to your client.

hugo.vanderkooij ( 2021-05-06 08:44:02 +0000 )

My intent was to capture just what goes on between and I don't need everything else captured on my network

but it seems like it's capturing everything.

How do I make it capture just the traffic for & (the exchanges between them)

mackmester ( 2021-05-06 11:07:29 +0000 )

answered 2021-05-06 11:21:07 +0000

grahamb

To limit capture traffic you use a capture filter.

For your specific case use:

host and host
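
As an added example (not part of the answer above or of the Wireshark project's code): a POSIX shell helper that builds the two-endpoint capture filter, using `host` for IPv4 addresses and `ether host` for MAC addresses, and passes it to dumpcap with a ring buffer so the capture stays bounded on disk. The function names, the ring-buffer sizes and the addresses used when calling it (for instance 192.0.2.10 and 192.0.2.20) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Function names and ring-buffer sizes are illustrative choices.

# endpoint_primitive ADDR: print the pcap-filter primitive matching ADDR.
# Anything that is not a plain MAC or IPv4 address is rejected, so extra
# filter syntax cannot be smuggled in through an address argument.
endpoint_primitive() {
    addr=$1
    h='[0-9A-Fa-f][0-9A-Fa-f]'
    case $addr in
        $h:$h:$h:$h:$h:$h)
            printf 'ether host %s' "$addr"; return 0 ;;
        ''|*[!0-9.]*|*..*|.*|*.|*.*.*.*.*)
            return 1 ;;
        *.*.*.*)
            ;;                      # four dotted fields: check octets below
        *)
            return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                    # split into octets (digits and dots only)
    IFS=$old_ifs
    for o in "$@"; do
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    printf 'host %s' "$addr"
}

# pair_filter A B: capture filter for traffic between A and B only.
pair_filter() {
    a=$(endpoint_primitive "$1") || return 1
    b=$(endpoint_primitive "$2") || return 1
    printf '%s and %s\n' "$a" "$b"
}

# capture_pair IFACE A B OUTFILE: run dumpcap with that filter.
# -b filesize is in kB; ten files of about 100 MB are kept and the oldest
# is overwritten, so disk use is capped at roughly 1 GB.
capture_pair() {
    filter=$(pair_filter "$2" "$3") || { echo "invalid endpoint" >&2; return 1; }
    dumpcap -i "$1" -f "$filter" -b filesize:102400 -b files:10 -w "$4"
}
```

The capture filter is applied before packets are written, so everything that does not match never reaches the file; a display filter in Wireshark would only hide it afterwards.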