tcpdump capture between 2 IPs
by vinmansbrew from LinuxQuestions.org on (#6H3FD)
I seem to be having trouble finding just the right syntax to capture all traffic between 2 IPs.
I've tried a number of commands, but haven't seemed to find the right combo.
I am on RHEL 8.8.
A list of commands I have tried:
tcpdump -s 0 -vv -c 100 -i ens192 -xX src host IP and dst host IP and not stp -w /tmp/capture.pcap
tcpdump -nli ens192 host IP and IP -w /tmp/allcap.pcap
tcpdump -s 0 -vv -c 100 -nli ens192 host IP and IP -w /tmp/allcap.pcap
I've tried separate commands for each IP. However, neither of those limits the capture to just the 2 IPs that I want.
tcpdump -ni ens192 src host IP -w /tmp/capout.pcap
tcpdump -ni ens192 dst host IP -w /tmp/capin.pcap
I'm trying other options, but I thought I'd try you guys.
Thanks
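As an added example (not part of the original post): a POSIX shell script that builds a filter matching only packets exchanged between two IPv4 hosts in either direction, captures with it, and counts any packets in a saved capture that fall outside that pair. The function names, the script name and the 192.0.2.x addresses are assumptions made for illustration; ens192 is the interface named in the post.

```shell
#!/bin/sh
# Added example. 192.0.2.x addresses below are constructed placeholders.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, so that
# nothing but an address can end up inside the filter string.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# pair_filter A B: print a pcap filter for packets A->B or B->A only.
pair_filter() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "need two IPv4 addresses" >&2; return 2; }
    [ "$1" != "$2" ] || { echo "addresses must differ" >&2; return 2; }
    printf '(src host %s and dst host %s) or (src host %s and dst host %s)' \
        "$1" "$2" "$2" "$1"
}

# capture_pair IFACE A B FILE: capture the conversation to FILE (needs root).
capture_pair() {
    filter=$(pair_filter "$2" "$3") || return
    # Options first, then the filter as ONE quoted argument so the shell
    # does not try to interpret the parentheses.
    tcpdump -n -s 0 -i "$1" -w "$4" "$filter"
}

# stray_count A B FILE: count packets in FILE that are NOT between A and B.
# 0 means the capture holds only the wanted conversation.
stray_count() {
    filter=$(pair_filter "$1" "$2") || return
    tcpdump -n -r "$3" "not ($filter)" | wc -l
}

# Run only when called with arguments, e.g.:
#   sh pair_capture.sh ens192 192.0.2.10 192.0.2.20 /tmp/pair.pcap
if [ "$#" -eq 4 ]; then
    capture_pair "$@"
fi
```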