![]() Note2: In some cases (GRE tunnel traffic, VXLAN traffic), the above filter possibly won’t really work for you as the filter can only apply the source/destination of tunnel IP.Īnother way to control the size of capture file is stopping the packet capture when captures a specfici number of the packet. Note1: dp0p224p1 is the interface on which we capture the traffic. You can use tshark to read your packet capture: Capture packets based on multilpe IPs and Protocol/Port.Capture packets based on IP and Protocol/Port.Tshark -f “ udp port 53” -i dp0p224p1 -w /tmp/capture.pcap Tshark -f “ tcp port 1401” -i dp0p224p1 -w /tmp/capture.pcap Capture packet based on source or destination IP.Here I show you a few real world example for tshark capture filter, which hope can save you a bit of time. To capture your interested traffic and remove unnessary nosiy traffic, you need to use the capture filter when you perform the packet capture. Vyatta 5600 provides Tshark as the packet capture tool.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |