Capture 50000 Packets and save them to a trace file called 1000test.pcap.Note2: In some cases (GRE tunnel traffic, VXLAN traffic), the above filter possibly won’t really work for you as the filter can only apply the source/destination of tunnel IP.Īnother way to control the size of capture file is stopping the packet capture when captures a specfici number of the packet. Note1: dp0p224p1 is the interface on which we capture the traffic. You can use tshark to read your packet capture: Capture packets based on multilpe IPs and Protocol/Port.Capture packets based on IP and Protocol/Port.
Tshark -f “ udp port 53” -i dp0p224p1 -w /tmp/capture.pcap Tshark -f “ tcp port 1401” -i dp0p224p1 -w /tmp/capture.pcap
Capture packet based on source or destination IP.Here I show you a few real world example for tshark capture filter, which hope can save you a bit of time. To capture your interested traffic and remove unnessary nosiy traffic, you need to use the capture filter when you perform the packet capture. Vyatta 5600 provides Tshark as the packet capture tool.
0 kommentar(er)
