-   Linux - Newbie (
-   -   Tcpdump raw output but grepping aswell (

synick 07-23-2008 07:31 PM

Tcpdump raw output but grepping aswell
Hi Guys,

I have had a hunt around the interweb to see if I can perform a tcpdump on an interface, grep based on certain ip's but also writing it as raw output:

Something like:

tcpdump -i eth0 -w tcpdump.cap | grep | grep

But that doesn't work, I have also had a look through the man page and can't seem to spot any commands to grep with a -w.

Any help is greatly appreciated.


chrism01 07-23-2008 11:01 PM

You need the tee cmd :

/usr/sbin/tcpdump -i eth0 | tee tcpd.dmp |grep blah

estabroo 07-23-2008 11:46 PM

If you only want to capture packets for those hosts

tcpdump -i eth0 -w tcpdump.cap host or host

That'll capture packets whose source or destination is either of those hosts.

All times are GMT -5. The time now is 12:18 AM.