LinuxQuestions.org


synick 07-23-2008 07:31 PM

Tcpdump raw output but grepping as well
 
Hi Guys,

I have had a hunt around the interweb to see if I can perform a tcpdump on an interface, grep based on certain IPs, but also write it as raw output:

Something like:

tcpdump -i eth0 -w tcpdump.cap | grep 10.0.0.1 | grep 10.0.0.2

But that doesn't work. I have also had a look through the man page and can't seem to spot any commands to grep with a -w.

Any help is greatly appreciated.

Regards.

chrism01 07-23-2008 11:01 PM

You need the tee cmd: http://www.ss64.com/bash/tee.html

# -l line-buffers tcpdump's stdout; without it a pipe is block-buffered and grep sees nothing until the buffer fills
/usr/sbin/tcpdump -l -i eth0 | tee tcpd.dmp | grep blah

estabroo 07-23-2008 11:46 PM

If you only want to capture packets for those hosts:

tcpdump -i eth0 -w tcpdump.cap host 10.0.0.1 or host 10.0.0.2

That'll capture packets whose source or destination is either of those hosts.
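The two answers above solve different halves of the original question: tee gives a second copy of tcpdump's text output, and a BPF host filter restricts what is captured. The added script below (example code written for this page, not posted by anyone in the thread) combines them so that a raw pcap file is written via tee while a decoded, grep-able text stream goes to the terminal, using tcpdump's "-w -" and "-r -" to pass pcap data through the pipe. It also builds the "host A or host B" filter from a list of addresses and sanity-checks each one before it reaches the capture command. The interface name, output file name and addresses are placeholders; tcpdump's -U (flush per packet) and -l (line-buffered text) options are standard but are assumed to exist on the reader's version.

```shell
#!/bin/sh
# Added example for this thread (not the original poster's or answerers' code).
# Assumptions: a tcpdump that supports -U, "-w -" and "-r -"; the interface,
# output file and host addresses given on the command line are placeholders.

# Build the BPF expression "host A or host B or ..." from the arguments.
build_host_filter() {
    filter=""
    for h in "$@"; do
        if [ -z "$filter" ]; then
            filter="host $h"
        else
            filter="$filter or host $h"
        fi
    done
    printf '%s' "$filter"
}

# Cheap dotted-quad IPv4 check, so a typo (or something that is not an
# address at all) is rejected before it is handed to tcpdump as filter text.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    n=0
    for o in $(printf '%s' "$1" | tr . ' '); do
        n=$((n + 1))
        [ "$o" -le 255 ] || return 1
    done
    [ "$n" -eq 4 ]
}

# Capture raw packets for the given hosts into a pcap file AND print the
# decoded packets on stdout, where they can be grepped.
#   - first tcpdump writes pcap data to stdout (-w -); -U flushes every packet
#   - tee saves that raw stream to the file
#   - second tcpdump decodes the stream (-r -); -l line-buffers its text so
#     a following grep sees each packet immediately
# Needs root (or CAP_NET_RAW) like any live capture.
capture_and_watch() {
    iface=$1
    outfile=$2
    shift 2
    for h in "$@"; do
        is_ipv4 "$h" || { echo "bad address: $h" >&2; return 2; }
    done
    filter=$(build_host_filter "$@")
    tcpdump -i "$iface" -U -w - "$filter" \
        | tee "$outfile" \
        | tcpdump -l -n -r -
}

# Usage (as root):  ./capture.sh eth0 tcpdump.cap 10.0.0.1 10.0.0.2 | grep 10.0.0.1
if [ "$#" -ge 3 ]; then
    capture_and_watch "$@"
fi
```

The resulting tcpdump.cap is a normal pcap file (open it later with tcpdump -r or Wireshark), while the text on the terminal is the same decoded output you would get from tcpdump without -w, so any grep you append only affects what you see, not what is saved.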

