- P_K (Altostratus)
There is nothing like a best tcpdump. You can use options depending on your requirement; see below.
tcpdump -nni 0.0:nnnp '(host VIP-IP and port VIP-PORT)' or '(host VIP-IP and host pool member IP)' or '(host Client-IP and host VIP-IP)' or '(host pool member ip and port pool member port)' -s0 -vvv -w /var/tmp/filename.pcap
Example:
tcpdump -nni 0.0:nnnp '(host 10.10.10.1 and port 443)' or '(host 10.10.10.1 and host 10.10.10.100)' or '(host 169.54.x.x and host 10.10.10.1)' or '(host 10.10.10.100 and port 8080)' -s0 -vvv -w /var/tmp/test.pcap
Options:
-nni : Do not resolve hostnames and ports, on interface
0.0 : All interfaces
nnnp : low, medium & high TMM details in the packet with specific peer traffic flow
-s0 : unlimited capture size
-vvv : maximum verbosity
-w : write captured data to
/var/tmp/ : path to save the capture
filename.pcap : filename of the capture
Hope this helps!
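Added example, not part of the reply above: a shell helper that validates each address and port before composing the same four-clause filter, then prints the tcpdump command for review instead of running it. The function names and the 192.0.2.10 client address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, addresses are constructed.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    rest=$1.
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Succeeds only for a port number in 1-65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Args: VIP_IP VIP_PORT MEMBER_IP MEMBER_PORT CLIENT_IP -> four-clause filter.
build_filter() {
    is_ipv4 "$1" && is_port "$2" && is_ipv4 "$3" && is_port "$4" && is_ipv4 "$5" || {
        echo "build_filter: invalid address or port" >&2
        return 1
    }
    printf '(host %s and port %s) or (host %s and host %s) or (host %s and host %s) or (host %s and port %s)\n' \
        "$1" "$2" "$1" "$3" "$5" "$1" "$3" "$4"
}

# Same args plus OUTPUT_FILE; prints the command rather than running it.
capture_command() {
    filter=$(build_filter "$1" "$2" "$3" "$4" "$5") || return 1
    case "$6" in
        *[!A-Za-z0-9._/-]*|*..*) return 1 ;;   # reject odd characters and ".."
        /var/tmp/*.pcap) ;;                    # path used in the reply
        *) return 1 ;;
    esac
    # Options go before the filter, which is passed as one quoted argument.
    printf "tcpdump -nni 0.0:nnnp -s0 -vvv -w %s '%s'\n" "$6" "$filter"
}

capture_command 10.10.10.1 443 10.10.10.100 8080 192.0.2.10 /var/tmp/test.pcap
```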