TCPDUMP Syntax to sniff a source and dump in a pcap
Posted: Wed Apr 28, 2021 3:12 am
by FCC_Nagios_Support
Good Morning,
I have problems with SAP monitoring.
I would like to sniff and dump into a .pcap file to explore with Wireshark.
The scenario:
-Linux SAP system which receives incoming packets
-interface eth0
-source ip: 10.5.1.159
-incoming port 425 TCP
What will be the tcpdump syntax to sniff the traffic and output it to the .pcap file?
Many thanks in advance
Re: TCPDUMP Syntax to sniff a source and dump in a pcap
Posted: Wed Apr 28, 2021 2:52 pm
by ssax
Code:
tcpdump -nni eth0 'host 10.5.1.159 and tcp port 425' -s 65535 -w /tmp/capture1.pcap
See here as well:
https://www.tcpdump.org/manpages/tcpdump.1.html
Re: TCPDUMP Syntax to sniff a source and dump in a pcap
Posted: Thu Apr 29, 2021 7:22 am
by FCC_Nagios_Support
Many thanks
I want to sniff traffic between 2 ips
10.5.1.156 -> 10.5.1.159
and
10.5.1.159 -> 10.5.1.156
What will be the tcpdump syntax?
Thanks again
Re: TCPDUMP Syntax to sniff a source and dump in a pcap
Posted: Thu Apr 29, 2021 7:43 am
by FCC_Nagios_Support
Is this syntax valid?
tcpdump -i any 'src 10.2.4.191 and dst 10.5.7.108' or 'src 10.5.7.108 and dst 10.2.4.191'
to sniff
10.2.4.191 -> 10.5.7.108
10.5.7.108 -> 10.2.4.191
Thanks a lot
Re: TCPDUMP Syntax to sniff a source and dump in a pcap
Posted: Thu Apr 29, 2021 8:01 am
by FCC_Nagios_Support
Or is this valid?
tcpdump -i any '(src 10.2.4.191 and dst 10.5.7.108) or (src 10.5.7.108 and dst 10.2.4.191)'
Re: TCPDUMP Syntax to sniff a source and dump in a pcap
Posted: Thu Apr 29, 2021 6:09 pm
by ssax
Code:
tcpdump -nni eth0 'host X.X.X.X or host Y.Y.Y.Y' -s 65535
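The two ways of writing the "between two hosts" filter discussed in the posts above, as an added example that is not from the thread: a small POSIX shell helper that builds the BPF expression (symmetric `host A and host B`, or the explicit `src`/`dst` form with parentheses) and the full capture command, so the expression is quoted as one argument. Interface eth0, the output path and the unprivileged user `nobody` are assumed placeholders.

```shell
#!/bin/sh
# Added example (not the forum's own commands): build a tcpdump capture
# of all traffic between two hosts, written to a pcap for Wireshark.
# Assumed values: interface eth0, output under /tmp, drop-to user "nobody".

# bidir_filter A B [PORT] -> BPF expression matching both directions.
# "host A and host B" is already symmetric, so no src/dst and no parentheses
# are needed. By contrast "host A or host B" matches traffic to or from
# EITHER host, a superset of what was asked for.
bidir_filter() {
    expr="host $1 and host $2"
    [ -n "$3" ] && expr="$expr and tcp port $3"
    printf '%s' "$expr"
}

# directional_filter A B -> the explicit src/dst form, equivalent to
# bidir_filter. "and" binds tighter than "or", so the parentheses are
# optional, but the whole expression must reach tcpdump as ONE argument
# (quote it), otherwise the shell may interpret the parentheses.
directional_filter() {
    printf '%s' "(src $1 and dst $2) or (src $2 and dst $1)"
}

# capture_cmd IFACE OUTFILE FILTER -> full command line.
#   -nn   no host/port name resolution (no DNS lookups from the capture box)
#   -s 0  full packets, so nothing is truncated in the pcap
#   -Z    drop root to "nobody" once the interface is open (start as root)
#   -w    write raw packets, which is what Wireshark reads
capture_cmd() {
    printf "tcpdump -nn -i %s -s 0 -Z nobody -w '%s' '%s'" "$1" "$2" "$3"
}

# Example composition (printed, not executed, so this file is safe to source):
#   capture_cmd eth0 /tmp/capture1.pcap "$(bidir_filter 10.5.1.156 10.5.1.159 425)"
```

Run the printed command as root; the `-Z nobody` switch is what keeps the long-running capture process unprivileged after the interface has been opened.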