Hi
I wanna capture a stream of packets coming into my server via specifically eth1 and eth2. I have a few more interfaces too. But I don’t want them to be monitored. I need only eth1 and eth2.
Can somebody guide me to get these packet traces into one pcap file?
Like -i eth1 -i eth2. But this is not working. Is there any other way to do it?
Thank you
Luke
How about capturing them using two commands and merging them later?
You run these two commands on two terminals or use something like screen/tmux:
tcpdump -i eth1 -nn -s 0 -w eth1.bin
tcpdump -i eth2 -nn -s 0 -w eth2.bin
Next merge it:
mergecap -w final.bin eth1.bin eth2.bin
The mergecap command is part of the wireshark package. So you need to install wireshark-common on a Debian or Ubuntu Linux.
Hi Vivek,
Thank you so much for the idea and the guidance. So far, I also tried the same steps that you have mentioned.
Every 15 sec, each pcap rolls over to the next one on both network interfaces. I wanna know if the file generation has been completed. Only then can I merge them.
For that I can use lsof to identify if the file is still open. If not, then I can merge them together. But for this task I might have a lot of work to do. I was thinking, is there a way to handle everything within tcpdump?
Thank you once again.
Luke.
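One way to merge only finished files from rotating captures without polling lsof, as an added example that is not part of the thread. It assumes each tcpdump runs with -G 15 and a strftime-style name given to -w; the file-name pattern, function names and MERGECAP variable are this example's own. It relies on tcpdump closing the previous file before it opens the next one.

```shell
#!/bin/sh
# Assumed capture commands, one per interface (file names are this example's choice):
#   tcpdump -i eth1 -nn -s 0 -G 15 -w 'eth1-%Y%m%d%H%M%S.pcap'
#   tcpdump -i eth2 -nn -s 0 -G 15 -w 'eth2-%Y%m%d%H%M%S.pcap'

# Print every rotated file of one interface except the newest.
# Only the newest name per interface can still be open for writing.
# Timestamped names sort chronologically, so glob order is enough.
closed_files() {
    dir=$1 iface=$2 prev=
    for f in "$dir/$iface"-*.pcap; do
        [ -e "$f" ] || continue            # glob matched nothing
        if [ -n "$prev" ]; then printf '%s\n' "$prev"; fi
        prev=$f
    done
}

# Merge all closed files of the given interfaces into one output file,
# then delete the inputs so the next run does not merge them again.
# mergecap orders packets by timestamp, so the slices of the two
# interfaces do not have to start on the same second.
# Usage: merge_closed DIR OUTFILE IFACE...
merge_closed() {
    dir=$1; out=$2; shift 2
    list=$(for i in "$@"; do closed_files "$dir" "$i"; done)
    [ -n "$list" ] || return 0             # nothing finished yet
    old_ifs=$IFS
    IFS='
'
    set -f; set -- $list; set +f           # split on newlines only
    IFS=$old_ifs
    ${MERGECAP:-mergecap} -w "$out" "$@" && rm -f -- "$@"
}

# Example call, e.g. from cron every minute (paths are placeholders):
#   merge_closed /var/captures "/var/merged/$(date +%Y%m%d%H%M%S).pcap" eth1 eth2
```

If a tcpdump process has stopped, its last file stays unmerged, because the script cannot distinguish it from a file that is still being written.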