
synick 07-23-2008 08:31 PM

Tcpdump raw output but grepping as well
Hi Guys,

I have had a hunt around the interweb to see if I can perform a tcpdump on an interface, grep based on certain IPs, but also write it as raw output:

Something like:

tcpdump -i eth0 -w tcpdump.cap | grep | grep

But that doesn't work. I have also had a look through the man page and can't seem to spot any commands to grep with a -w.

Any help is greatly appreciated.


chrism01 07-24-2008 12:01 AM

You need the tee cmd:

/usr/sbin/tcpdump -i eth0 | tee tcpd.dmp | grep blah

estabroo 07-24-2008 12:46 AM

If you only want to capture packets for those hosts:

tcpdump -i eth0 -w tcpdump.cap host or host

That'll capture packets whose source or destination is either of those hosts.
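
The two answers above can be combined so the file stays raw pcap while a decoded line per packet is still printed; this is an added example, not code from any poster in the thread. The function names are hypothetical and the addresses in the usage comment are documentation-range placeholders.

```shell
#!/bin/sh
# Added example: capture raw packets for chosen hosts and watch them live.

# is_ipv4 ADDR: succeed if ADDR is a dotted-quad IPv4 address (octets 0-255).
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_host_filter ADDR...: print the capture filter "host A or host B ...".
# Validating first keeps arbitrary strings out of the filter expression.
build_host_filter() {
    filter=""
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "invalid IPv4 address: $addr" >&2; return 1; }
        filter="${filter:+$filter or }host $addr"
    done
    [ -n "$filter" ] || { echo "need at least one address" >&2; return 1; }
    printf '%s\n' "$filter"
}

# capture_hosts IFACE FILE ADDR...: save raw packets to FILE and decode live.
#   -w -   write pcap to stdout instead of a file
#   -U     flush each packet as it is captured
#   tee    stores the raw stream in FILE
#   -r -   second tcpdump reads that pcap stream from stdin and prints text
capture_hosts() {
    iface=$1; file=$2; shift 2
    bpf=$(build_host_filter "$@") || return 1
    tcpdump -i "$iface" -U -w - "$bpf" | tee "$file" | tcpdump -nn -l -r -
}

# Usage (as root): capture_hosts eth0 tcpdump.cap 192.0.2.10 192.0.2.20
```

The text output of the last tcpdump can be piped on to grep, and the saved file can be re-read later with `tcpdump -nn -r tcpdump.cap`.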
