-   Linux - Networking (
-   -   tcpdump and arp question (

blackzone 06-30-2004 11:30 PM

tcpdump and arp question
how to filter tcpdump so it displays all traffic from a specific Mac address?

how to check/change the arp refresh time under linux?

If I'm using vmware and have it simulate an extra NIC eth0 and eth1, how do filter tcpdump so it shows all traffic through eth1 only?

Sorry if my question sound weird. Barely even know what I am asking.


ppuru 07-01-2004 12:05 AM

you can

tcpdump -vvveX -i eth1|grep "xx:xx:xx:xx:xx:xx"

where xx:xx:xx:xx:xx:xx will be the mac address you want to monitor.

charon79m 07-01-2004 12:25 PM

Not an answer, but perhaps a better method
I use ethereal in place of tcpdump. Ethereal has an X interface and it allows for filtering based on the interface or even by each TCP thread.

Hope this helps,


All times are GMT -5. The time now is 11:57 AM.