Wednesday, January 26, 2011

tcpdump syntax for only capturing traffic coming to a specific virtual interface / local IP.

CentOS 5.x

Hello All,

I need to collect a packet capture of https requests going to a specific IP address / virtual interface. Is there a specific switch/parameter for tcpdump that will allow that? The other IPs receive a lot of traffic so I'd prefer to not capture data pertaining to them and have to filter them out later.

-M

  • tcpdump -n -i <INTERFACE> host <IP>

    That should do it. -n will not resolve names.

    From vmfarms

  • Try this:

    tcpdump -i any dst host your.ip.add.ress and port 80

    pjz : wrong port for https

    From wolfgangsz

  • Try this:

    tcpdump -i any dst host your.ip.add.ress and port https

    Use http instead of https if you want to capture port 80 instead of 443, or just use the numbers directly if you like. (The http/https names are mapped to the port numbers via lookup in /etc/services.)

    wolfgangsz : +1 for correcting my mistake.
    Mikey B : Brilliant. Worked perfectly. Thanks!

    From pjz
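The filters in the answers above do the job at the command line; the script below is an added example, not code from the thread or from any of the answerers, showing how a practitioner would wrap the same `host`/`port` filter for an unattended capture. It assumes the interface name, the local IP, the service (name or number) and the output path are passed as arguments, and that the installed tcpdump accepts -C/-W for file rotation and -Z for dropping privileges. It also adds two points the thread does not spell out: `dst host` keeps only packets addressed to the IP, so a pcap taken with it holds only one half of each TLS handshake, and `port https` matches both TCP and UDP unless you write `tcp port`.

```shell
#!/bin/sh
# Added example, not from the thread above: a small wrapper around tcpdump
# that restricts a capture to one local address and one TCP service port and
# writes it to a rotating set of pcap files. Assumptions: interface, IP
# address, service and output path come from the caller; the installed
# tcpdump supports -C/-W ring-buffer rotation and -Z privilege dropping.

# Map a service name to its port number via /etc/services, the same lookup
# tcpdump performs for "port https". Numeric input is returned unchanged.
# If the file is missing, fall back to the two names used in the thread.
service_port() {
    case "$1" in
        ''|*[!0-9]*)
            port=$(awk -v n="$1" '$1 == n { split($2, a, "/"); print a[1]; exit }' \
                       /etc/services 2>/dev/null || true)
            if [ -z "$port" ]; then
                case "$1" in
                    http)  port=80 ;;
                    https) port=443 ;;
                    *)     port= ;;
                esac
            fi
            printf '%s\n' "$port"
            ;;
        *)  printf '%s\n' "$1" ;;
    esac
}

# Accept only a dotted-quad IPv4 address with every octet in 0..255, so a
# typo cannot turn into a name lookup or an unexpectedly broad filter.
is_ipv4() {
    addr=$1
    case "$addr" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    n=0
    while [ -n "$addr" ]; do
        octet=${addr%%.*}
        [ "$octet" -le 255 ] 2>/dev/null || return 1
        n=$((n + 1))
        case "$addr" in
            *.*) addr=${addr#*.} ;;
            *)   addr= ;;
        esac
    done
    [ "$n" -eq 4 ]
}

# Build the BPF filter expression. The direction argument picks the qualifier:
#   both  "host X"      packets to and from X (default, so the pcap holds both
#                       halves of each TLS handshake)
#   in    "dst host X"  only packets addressed to X, as in the thread
#   out   "src host X"  only packets sent by X
# "tcp port" rather than "port" keeps UDP traffic on the same number out.
build_filter() {
    ip=$1
    svc=$2
    dir=${3:-both}
    is_ipv4 "$ip" || { echo "build_filter: '$ip' is not an IPv4 address" >&2; return 1; }
    p=$(service_port "$svc")
    [ -n "$p" ] || { echo "build_filter: unknown service '$svc'" >&2; return 1; }
    case "$dir" in
        both) qual=host ;;
        in)   qual="dst host" ;;
        out)  qual="src host" ;;
        *)    echo "build_filter: direction must be both, in or out" >&2; return 1 ;;
    esac
    printf '%s %s and tcp port %s\n' "$qual" "$ip" "$p"
}

# Run the capture. -n skips name resolution, -s 0 captures whole packets
# (older tcpdump defaults to a 68-byte snaplen, which truncates TLS records),
# -Z drops root once the interface is open, and -C/-W keep a ring of ten
# 100 MB files so an unattended capture cannot fill the disk. The output
# directory must be writable by the -Z user because files are created after
# the privilege drop. -i any uses Linux cooked capture and cannot put an
# interface into promiscuous mode; name the interface if you need that.
capture() {
    iface=$1
    ip=$2
    svc=$3
    out=$4
    filter=$(build_filter "$ip" "$svc") || return 1
    exec tcpdump -n -i "$iface" -s 0 -Z nobody -C 100 -W 10 -w "$out" "$filter"
}

# Usage: capture_https.sh <interface> <ip> <service-or-port> <output.pcap>
if [ "$#" -eq 4 ]; then
    capture "$@"
fi
```

Invoked as `sh capture_https.sh eth0 10.0.0.5 https /var/tmp/cap/https.pcap` (constructed values) it runs `tcpdump -n -i eth0 -s 0 -Z nobody -C 100 -W 10 -w /var/tmp/cap/https.pcap 'host 10.0.0.5 and tcp port 443'`. Pass `in` as a third argument to `build_filter` if you want the thread's `dst host` behaviour; for inspecting a TLS handshake or a request/response pair in the pcap, the default two-way filter is what you want.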
