I've found a lot of information specifying that this is the case; however, I am really looking for the reason behind this. Why is it necessary? Is it necessary?

How to make Wireshark filter POST-requests only?

I want tcpdump to capture VLAN 1000 or VLAN 501. man pcap-filter says:
The vlan [vlan_id] expression may be used more than once, to filter on VLAN hierarchies. Each use of that expression increments the filter offsets by 4.
When I do:
tcpdump -vv -i eth1 \( vlan 1000 \) and \( ip host 10.1.1.98 or ip host 10.1.1.99 \)
I get captured packets.
But when I do:
tcpdump -vv -i eth1 \( vlan 1000 or vlan 501 \) and \( ip host 10.1.1.98 or ip host 10.1.1.99 \)
I don't get any packets -- I presume because of the "increment by 4" behavior described in the man page.
How can I capture traffic on more than one VLAN at a time?

Can anyone recommend a Linux command line tool to monitor the number of bytes transferred between the local server and a specified IP address/port?
The equivalent tcpdump command would be:
tcpdump -s 0 -i any -w mycapture.trc port 80 host google.com
which outputs:
46 packets captured
131 packets received by filter
0 packets dropped by kernel
I'd like something similar that outputs:
54 bytes out, 176 bytes in
I'd like it to work on RHEL and be free/open-source. It would be good if there was an existing tool which I was just missing too!
Wireshark | Windows
I want to search a packet capture of SMTP traffic for specific addresses/messages. Normally, I just sort the info column and browse, but it would be nice if I could just run a search or filter for the specific string I'm looking for.
Is there a way to do this in Wireshark?