Thursday, October 8, 2015

HOW TO CAPTURE TCP DUMPS

>> Using tcpdump with no options you can capture on all the interfaces
#tcpdump

>> If you want to capture a particular interface

#ifconfig     << to check the interfaces >>
# tcpdump -i eth0   << give whichever interface you want to capture, eth0 or eth1... >>

If you run tcpdump alone it keeps capturing until you cancel it (Ctrl-C). If you use the "-c" option it stops after the number of packets you specify.
example
#tcpdump -c 20    << it will capture only 20 packets >>

>> If you want to capture 20 packets on interface eth0
#tcpdump -c 20 -i eth0

>> If you want to capture 20 packets on the eth0 interface and save them to a file under /tmp, you can use the command below

# tcpdump -w /tmp/dump.pcap -c 20 -i eth0

-w to save the capture to the file /tmp/dump.pcap

-c to capture 20 packets

-i to capture on the eth0 interface

Another thing to remember: to view the captured file you either need the Wireshark tool or, from the command line, the "-r" option. See the example below

# cat dump.pcap    <<< you can't understand anything >>>
#tcpdump -r dump.pcap  << now you can see it clearly >>


If you want to capture on a particular interface and port

# tcpdump -i eth0 port 22
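As an added example (not part of the original post), here is a small Python parser for the pcap file format that "tcpdump -w" writes. It shows why "cat dump.pcap" prints only binary noise while "tcpdump -r" can decode it, and pulls the TCP ports out of each frame, which is the same field the "port 22" filter above matches on. The one-packet capture it reads is constructed inline (a TCP SYN to port 22), not a real dump.

```python
import struct

def parse_pcap(data):
    """Parse a classic libpcap file (what 'tcpdump -w' writes) into its records."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (0xa1b2c3d4, 0xa1b23c4d):      # written on a little-endian host
        end = "<"
    elif magic in (0xd4c3b2a1, 0x4d3cb2a1):    # written on a big-endian host
        end = ">"
    else:
        raise ValueError("bad magic 0x%08x: not a pcap file" % magic)
    snaplen, linktype = struct.unpack(end + "II", data[16:24])
    records, off = [], 24
    while off + 16 <= len(data):                # each record: 16-byte header + frame
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("truncated record at offset %d" % (off - 16))
        records.append((ts_sec, orig_len, data[off:off + incl_len]))
        off += incl_len
    return linktype, records

def tcp_ports(frame):
    """Return (src_ip, dst_ip, sport, dport) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":      # EtherType is not IPv4
        return None
    ihl = (frame[14] & 0x0f) * 4                             # IPv4 header length
    if frame[23] != 6 or len(frame) < 14 + ihl + 4:          # not TCP / too short
        return None
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return src, dst, sport, dport

def build_sample_pcap():
    """Constructed sample capture: one Ethernet/IPv4/TCP SYN to port 22 (not real traffic)."""
    eth = bytes.fromhex("00112233445566778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 0x50, 0x02, 65535, 0, 0)
    frame = eth + ip + tcp
    header = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    rec = struct.pack("<IIII", 1444300000, 0, len(frame), len(frame))
    return header + rec + frame

if __name__ == "__main__":
    linktype, recs = parse_pcap(build_sample_pcap())
    for ts, olen, frame in recs:
        print(ts, olen, tcp_ports(frame))
```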
