On 10/26/2019 8:35 AM, to...@tuxteam.de wrote:
> Yep. Something along the lines of
>
>   tcpdump -w data.pcap
>
> then scp that to your box and
>
>   wireshark data.pcap
>
> Refinements, of course, possible :-)

I'd also suggest giving tcpdump the name of either the internal or external interface with -i, because otherwise you're going to see duplicated packets -- which _could_ be helpful to figure out what is going on if a packet is not forwarded, but there is no annotation in the dump file for which interface a packet was received/sent on. You could wind up with a mess of packets and some may not even be physical interfaces (do you _need_ to also capture lo? probably not).

Depending on the version of tcpdump, you may also need to set -s to some reasonable value, as I recall on older versions the default was not large enough to capture entire packets. Of course, if you don't need the whole payload then this might not matter.

--
Chris Howie
http://www.chrishowie.com
http://en.wikipedia.org/wiki/User:Crazycomputers

If you correspond with me on a regular basis, please read this document:
http://www.chrishowie.com/email-preferences/

PGP fingerprint: 2B7A B280 8B12 21CC 260A DF65 6FCE 505A CF83 38F5

------------------------------------------------------------------------
IMPORTANT INFORMATION/DISCLAIMER

This document should be read only by those persons to whom it is addressed. If you have received this message it was obviously addressed to you and therefore you can read it.

Additionally, by sending an email to ANY of my addresses or to ANY mailing lists to which I am subscribed, whether intentionally or accidentally, you are agreeing that I am "the intended recipient," and that I may do whatever I wish with the contents of any message received from you, unless a pre-existing agreement prohibits me from so doing.

This overrides any disclaimer or statement of confidentiality that may be included on your message.