> > This is a production machine so leaving logging on for extended periods > isn't an option since it would quickly fill up the logs. However I > turned in on briefly and even though using tcpdump I see constant > traffic through the bridge the logs only show traffic going in and out > to the bridge's IP that I have setup for maintenence, mostly my SSH > session. Any ideas how I can get it to see the traffic going through? > You can filter tcpdump, e.g.: tcpdump port not ssh tcpdump -i eth0 port 135 and host a.b.c.d tcpdump -p tcp -i any net a.b.c.d/e Also man tcpdump, for more detail than you probably ever wanted.
