Tcpdump raw output but grepping as well
I have had a hunt around the interweb to see if I can perform a tcpdump on an interface, grep based on certain IPs, but also write it as raw output:
tcpdump -i eth0 -w tcpdump.cap | grep 10.0.0.1 | grep 10.0.0.2
But that doesn't work, I have also had a look through the man page and can't seem to spot any commands to grep with a -w.
Any help is greatly appreciated.
You need the tee command: http://www.ss64.com/bash/tee.html
/usr/sbin/tcpdump -i eth0 | tee tcpd.dmp |grep blah
If you only want to capture packets for those hosts
tcpdump -i eth0 -w tcpdump.cap host 10.0.0.1 or host 10.0.0.2
That'll capture packets whose source or destination is either of those hosts.
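The two answers above take different routes: tee splits one stream into a saved copy and a text view, while the `host ... or host ...` filter narrows what is captured at all. The following is an added example, not code from the thread, that models both in Python so the difference is visible offline: it copies a pcap stream verbatim to a sink (the `-w`/tee half) and returns a grep-style text summary of only the packets touching the given hosts. The sample capture, the MAC addresses and the `split_capture`/`host_filter` names are all constructed for this example; it assumes classic pcap with Ethernet framing and IPv4 only.

```python
"""Split one pcap stream into a verbatim raw copy plus a filtered text view.
Example code written for this thread, not tcpdump's own logic. Assumes the
classic (non-pcapng) pcap format, Ethernet link type and IPv4; everything
else is skipped in the text view but still lands in the raw copy."""
import io
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap magic, as written by tcpdump -w
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


def ipv4_frame(src, dst, proto=17, payload=b"x" * 8):
    """Constructed Ethernet/IPv4 frame; IP checksum is left at zero (parsing only)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + payload


def build_pcap(frames):
    """Constructed pcap file: 24-byte global header, then one 16-byte record header per frame."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_600_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def _endianness(magic_bytes):
    """Return the struct byte-order prefix the file was written with."""
    if struct.unpack("<I", magic_bytes)[0] == PCAP_MAGIC:
        return "<"
    if struct.unpack(">I", magic_bytes)[0] == PCAP_MAGIC:
        return ">"
    raise ValueError("not a classic pcap file")


def iter_packets(pcap_bytes):
    """Yield (ts_sec, ts_usec, src_ip, dst_ip) for every IPv4 packet in the stream."""
    if len(pcap_bytes) < 24:
        raise ValueError("truncated pcap global header")
    end = _endianness(pcap_bytes[:4])
    linktype = struct.unpack(end + "I", pcap_bytes[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(pcap_bytes):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", pcap_bytes[off:off + 16])
        off += 16
        frame = pcap_bytes[off:off + incl_len]
        if len(frame) < incl_len:
            break                      # final record cut short (capture killed mid-write)
        off += incl_len
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue                   # ARP, IPv6 etc.: not summarised, but kept in the raw copy
        if (frame[14] & 0x0F) * 4 < 20:
            continue                   # bogus IHL
        yield ts_sec, ts_usec, socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])


def host_filter(src, dst, hosts, mode="or"):
    """mode='or'  behaves like tcpdump's `host A or host B` (either end involved);
    mode='and' behaves like the question's chained greps (every host on the same line)."""
    ends = {src, dst}
    wanted = set(hosts)
    return bool(ends & wanted) if mode == "or" else wanted <= ends


def split_capture(pcap_bytes, hosts, raw_sink, mode="or"):
    """Write the stream untouched to raw_sink (the -w / tee half) and return the
    one-line summaries of packets that pass the host filter (the grep half)."""
    raw_sink.write(pcap_bytes)         # the raw copy is never filtered
    lines = []
    for ts_sec, ts_usec, src, dst in iter_packets(pcap_bytes):
        if host_filter(src, dst, hosts, mode):
            lines.append(f"{ts_sec}.{ts_usec:06d} IP {src} > {dst}")
    return lines


# Constructed sample capture: three packets, only the first involves both hosts.
SAMPLE_PCAP = build_pcap([
    ipv4_frame("10.0.0.1", "10.0.0.2"),
    ipv4_frame("10.0.0.1", "192.168.1.5"),
    ipv4_frame("192.168.1.5", "172.16.0.9"),
])

if __name__ == "__main__":
    for mode in ("or", "and"):
        sink = io.BytesIO()
        print(f"--- mode={mode}")
        print("\n".join(split_capture(SAMPLE_PCAP, ["10.0.0.1", "10.0.0.2"], sink, mode)))
        print(f"raw copy: {len(sink.getvalue())} bytes, input: {len(SAMPLE_PCAP)} bytes")
```

The point the model makes is that the question's `grep 10.0.0.1 | grep 10.0.0.2` only keeps lines mentioning both addresses (traffic between the two hosts), whereas `host 10.0.0.1 or host 10.0.0.2` keeps anything touching either; pick the one you actually mean. It also shows why piping `-w` output straight into grep fails: the stream is binary pcap, so the raw copy and the text view have to be produced separately. On a real box the same split is `tcpdump -i eth0 -U -w - 'host 10.0.0.1 or host 10.0.0.2' | tee raw.pcap | tcpdump -r - -l -n | grep ...`, with `-U` and `-l` there to stop tcpdump buffering so the grep side updates live.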