Re: tcpdump; how to dump all




On Fri, Jan 14, 2011 at 08:21:23AM -0500, Kwan Lowe wrote:
> On Fri, Jan 14, 2011 at 5:28 AM, Giles Coochey <giles@xxxxxxxxxxx> wrote:
> >> How can I dump every packet received by filter?
> >
> > I use the following command to make packet captures:
> >
> > tcpdump -i eth0 -s 0 -w capture.cap
> >
> > It creates a file capture.cap that can be read by a packet analyzer - e.g.
> > wireshark.
> 
> I often run a variation of the above in a screen session then
> disconnect. There's probably an easier way, but I do so I don't see
> my own traffic.
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos

You can use 'not' with port or host specifications to not log matching traffic.
For example:

`tcpdump -i eth0 -s 0 -w capture.cap not port 22` will drop all SSH traffic from the pcap

`tcpdump -i eth0 -s 0 -w capture.cap not host <ip>` will drop all traffic to/from <ip> from the pcap

Joe
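
An added example, not part of the original thread: instead of dropping all port 22 traffic, this builds a filter that excludes only the capturing user's own SSH session, so other SSH connections still land in the pcap. It relies on the `SSH_CONNECTION` variable that sshd sets; the function name `build_session_exclude` and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Build a tcpdump filter that excludes one SSH session only.
# sshd sets SSH_CONNECTION as: "<client_ip> <client_port> <server_ip> <server_port>"

build_session_exclude() {
    # $1: a value in SSH_CONNECTION format
    read -r cip cport sip sport extra <<EOF
$1
EOF
    # Exactly four fields are required.
    [ -n "$sport" ] && [ -z "$extra" ] || return 1
    # Ports must be purely numeric.
    case "$cport$sport" in
        *[!0-9]*) return 1 ;;
    esac
    # Addresses may only contain characters valid in IPv4/IPv6 literals,
    # so nothing else can be smuggled into the filter expression.
    case "$cip$sip" in
        *[!0-9A-Fa-f.:]*) return 1 ;;
    esac
    # Match the session's 4-tuple in either direction and negate it.
    printf 'not (tcp and host %s and port %s and host %s and port %s)\n' \
        "$cip" "$cport" "$sip" "$sport"
}

# Constructed sample value (documentation addresses), used when the script
# is not run from inside an SSH session.
sample='198.51.100.7 51514 192.0.2.10 22'

if filter=$(build_session_exclude "${SSH_CONNECTION:-$sample}"); then
    # Print the command rather than running it, so it can be reviewed first.
    echo "tcpdump -i eth0 -s 0 -w capture.cap '$filter'"
else
    echo "unexpected SSH_CONNECTION format" >&2
fi
```

The script only prints the tcpdump command; the interface and output file are the ones used earlier in the thread.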