Ask Your Question
0

How can I capture traffic continuously, with multiple interfaces on multiple nics?

asked 2021-11-07 14:24:49 +0000

updated 2021-11-07 20:21:43 +0000

Guy Harris gravatar image

I need to be able to, continuously capture traffic on multiple interfaces. I have a virtual server set up with multiple nic cards and I want to have the ability to capture traffic on all of the nics. I have about 79 gigs of storage and 4 gigs of memory allocated on the virtual server to do this.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-11-07 16:00:49 +0000

grahamb gravatar image

dumpcap, or tcpdump both support mutiple -i arguments to specify the interfaces to capture on.

Some OS's, e.g. Linux, both can also use the any interface to capture on all interfaces, but not in promiscuous mode.

edit flag offensive delete link more

Comments

Captures on any will come in as Linux cooked-mode capture (SLL)

Chuckc gravatar imageChuckc ( 2021-11-07 19:13:07 +0000 )edit

dumpcap, or tcpdump both support mutiple -i arguments to specify the interfaces to capture on.

dumpcap, yes; tcpdump, no. Tcpdump, confusingly, uses the argument to the last-i argument as the single interface on which to capture.

Guy Harris gravatar imageGuy Harris ( 2021-11-07 20:23:43 +0000 )edit

I was positive I'd checked the man page for tcpdump when writing the answer but I obviously imagined it.

grahamb gravatar imagegrahamb ( 2021-11-08 09:16:01 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2021-11-07 14:24:49 +0000

Seen: 63 times

Last updated: Nov 07