If you ever find yourself working on a Linux-based gateway device and need to trace what is happening, run the above command. You can then take the capture file and open it in Wireshark.
<IPADDRESS> change this to the IP address of the device you are tracking.
<FILENAME> give the capture file a name.
-nn disables host name and port name resolution, so addresses and ports are shown as numbers.
-s 0 sets the snapshot length so that packets are captured in full and not truncated.
-i sets the interface to listen on.
host sets the IP address to filter on.
If you run tcpdump -D it will list the interfaces available to listen on. The command is case sensitive.
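
As an added example (not part of the original post), the POSIX shell script below checks the interface, IP address and file name before assembling a capture command from the options described above. It assumes the capture file is written with tcpdump's -w option; the function names and the sample tcpdump -D listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -D` output (not taken from a real device).
SAMPLE_IFACES='1.eth0 [Up, Running]
2.eth1 [Up, Running]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.lo [Up, Running, Loopback]'

# Print the interface names found in `tcpdump -D` style lines ("N.name ...").
list_ifaces() {
    printf '%s\n' "$1" | sed -n 's/^[0-9][0-9]*\.\([^ ]*\).*/\1/p'
}

# Succeed only for a dotted-quad IPv4 address whose octets are all 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the capture command, or fail with a message on bad input.
# Arguments: <tcpdump -D listing> <interface> <ip address> <file name>
build_capture_cmd() {
    listing=$1 iface=$2 ip=$3 file=$4
    # The interface must match a listed name exactly (names are case sensitive).
    list_ifaces "$listing" | grep -qxF -e "$iface" ||
        { echo "unknown interface: $iface" >&2; return 1; }
    valid_ipv4 "$ip" ||
        { echo "not an IPv4 address: $ip" >&2; return 1; }
    # Reject names that are empty, start with '-' (would be read as an
    # option) or contain anything other than letters, digits, '.', '_', '-'.
    case $file in
        ''|-*|*[!A-Za-z0-9._-]*)
            echo "unsafe file name: $file" >&2; return 1 ;;
    esac
    # -w (write packets to a file) is assumed; the page only names the file.
    printf 'tcpdump -nn -s 0 -i %s -w %s host %s\n' "$iface" "$file" "$ip"
}

# Example run against the constructed listing.
build_capture_cmd "$SAMPLE_IFACES" eth1 192.168.1.10 gateway.pcap
```

On a real device, pass "$(tcpdump -D)" as the first argument instead of the sample listing.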