Good Morning,
I have problems with SAP monitoring.
I would like to sniff and dump into a pcap to explore with Wireshark.
The scenario:
-Linux SAP system which receives incoming packets
-interface eth0
-source ip: 10.5.1.159
-incoming port 425 TCP
What will be the tcpdump syntax to sniff the traffic and output to the pcap file?
Many thanks in advance
TCPDUMP Syntax to sniff a source and dump in a pcap
FCC_Nagios_Support
- Posts: 161
- Joined: Tue Mar 10, 2020 11:07 am
Re: TCPDUMP Syntax to sniff a source and dump in a pcap
tcpdump -nni eth0 'host 10.5.1.159 and tcp port 425' -s 65535 -w /tmp/capture1.pcap
https://www.tcpdump.org/manpages/tcpdump.1.html
FCC_Nagios_Support
- Posts: 161
- Joined: Tue Mar 10, 2020 11:07 am
Re: TCPDUMP Syntax to sniff a source and dump in a pcap
Many thanks
I want to sniff traffic between 2 IPs
10.5.1.156 -> 10.5.1.159
and
10.5.1.159 -> 10.5.1.156
What will be the tcpdump syntax?
Thanks again
FCC_Nagios_Support
- Posts: 161
- Joined: Tue Mar 10, 2020 11:07 am
Re: TCPDUMP Syntax to sniff a source and dump in a pcap
Is this syntax valid:
tcpdump -i any 'src 10.2.4.191 and dst 10.5.7.108' or 'src 10.5.7.108 and dst 10.2.4.191'
to sniff
10.2.4.191 -> 10.5.7.108
10.5.7.108 -> 10.2.4.191
Thanks a lot
FCC_Nagios_Support
- Posts: 161
- Joined: Tue Mar 10, 2020 11:07 am
Re: TCPDUMP Syntax to sniff a source and dump in a pcap
Or is this valid?
tcpdump -i any '(src 10.2.4.191 and dst 10.5.7.108) or (src 10.5.7.108 and dst 10.2.4.191)'
Re: TCPDUMP Syntax to sniff a source and dump in a pcap
# 'host X and host Y' matches packets in both directions between exactly these two hosts;
# 'host X or host Y' would also capture everything either host exchanges with third parties.
tcpdump -nni eth0 'host X.X.X.X and host Y.Y.Y.Y' -s 65535
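The two filters asked for in this thread (one host plus a TCP port, and all traffic between two hosts in both directions), as an added example that is not part of the original posts. The shell functions below validate the addresses before embedding them in a command line, build the BPF filter expressions, and assemble a capture command that rotates its output files so a long-running capture cannot fill the disk. The rotation sizes (100 MB, 10 files) and the output path are assumptions chosen for illustration; the IPs and interface are the ones from the thread.

```shell
#!/bin/sh
# Added example (not from the original thread): build tcpdump filters for
# the two cases discussed above and validate the inputs first.

# Return 0 if $1 is a dotted-quad IPv4 address, 1 otherwise.
# Rejecting anything else keeps garbage out of the filter expression.
is_ipv4() {
  old_ifs=$IFS
  IFS=.
  set -- $1
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Filter for traffic in either direction between host A and host B,
# optionally restricted to one TCP port.  'host A and host B' already
# matches both A->B and B->A and excludes traffic with third parties.
between_hosts_filter() {
  a=$1; b=$2; port=$3
  is_ipv4 "$a" && is_ipv4 "$b" || return 1
  f="host $a and host $b"
  if [ -n "$port" ]; then
    f="$f and tcp port $port"
  fi
  printf '%s\n' "$f"
}

# Explicit two-direction form; equivalent to between_hosts_filter without a port.
# The parentheses are not strictly needed (and binds tighter than or) but make
# the intent obvious when the expression is read back later.
directional_filter() {
  a=$1; b=$2
  is_ipv4 "$a" && is_ipv4 "$b" || return 1
  printf '(src host %s and dst host %s) or (src host %s and dst host %s)\n' \
    "$a" "$b" "$b" "$a"
}

# Full capture command: -nn suppresses name/port lookups, -s 0 captures whole
# packets, -C 100 -W 10 rotates into a ring of ten 100 MB files (assumed sizes),
# -w writes pcap output for Wireshark.  The filter is single-quoted so the shell
# passes it to tcpdump as one argument.
capture_cmd() {
  iface=$1; filter=$2; out=$3
  printf "tcpdump -nn -i %s -s 0 -C 100 -W 10 -w %s '%s'\n" "$iface" "$out" "$filter"
}

# Usage with the thread's addresses:
capture_cmd eth0 "$(between_hosts_filter 10.5.1.159 10.5.1.159 425)" /tmp/capture1.pcap
capture_cmd eth0 "$(between_hosts_filter 10.5.1.156 10.5.1.159)" /tmp/capture2.pcap
```

Run the printed command as root (or with CAP_NET_RAW); the functions only build the command line and never start a capture themselves, which makes the filter easy to review before any traffic is recorded.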