Now I think, you can play with the command as per your need. It saves the file in a pcap format, that can be viewed by TCPdump command or an open source GUI based tool like Wireshark that reads TCPdump pcap format. w mypcap.pcap will create that pcap file, which will be opened using wireshark. ssh containerlabhostaddress ip netns exec labnodename tcpdump -U -nni ifname -w - /mnt/c/Program Files/Wireshark/wireshark.exe -k -i. You can remove this to capture all packets. ![]() Port ftp or ssh is the filter, which will capture only ftp and ssh packets. Default is eth0, if you not use this option. i eth0 is using to give Ethernet interface, which you to capture. 65535, after this capture file will not truncate. It serves the same purpose as Wireshark, which is capturing and analyzing traffic. s 0 will set the capture byte to its maximum i.e. Tcpdump is a command-line alternative to Wireshark. You can use following command to capture the dump in a file: tcpdump -s 0 port ftp or ssh -i eth0 -w mycap.pcap I am writing this post, so that you can create a pcap file effectively. When you create a pcap file using tcpdump it will truncate your capture file to shorten it and you may not able to understand that. so many other options available, see tcpdump man page. ![]()
0 Comments
Leave a Reply. |