Ask Your Question

Revision history [back]

capture only destination IPs

We're preparing a mass migration of servers to a completely new network. To build an overview of the interactions between all our servers, we're thinking on leveraging Wireshark to capture all IPs our Windows servers are connecting to. Our Linux team already did something similar with native tool tcpdump. They used capture filter ''''tcp[13]=18' or proto ICMP or proto UDP" to look at TCP SYN packages or ICMP/UDP traffic, which (if I googled properly) translates to filter "tcp[0xd]&18=2 or proto ICMP or proto UDP" in Wireshark.

Is there a more efficient way, cause the pcap file can still grow quite big on busy servers?