G.A.
Reputation: 1523
tcpdump: How to capture arrival / outgoing interface for a packet?
I would like to capture the "incoming" interface and "outgoing" interface for packets transiting through a software switch (assume it has 10 ports and I want to know which of those 10 interfaces a particular packet came from). I can't seem to find any way to get "tcpdump -i any" to output the arriving or outgoing interfaces. It only gives fields of the packet. Is there any other derivative of tcpdump (like tshark perhaps?) which will enable extracting the port information? The intention is tracing a packet flow path through a network. Regards.
Upvotes: 4
Views: 4452
Answers (1)
Tombart
Reputation: 32378
tcpdump 4.10 should include this feature (hasn't been released as of today).
Meanwhile you can use Sebastian Haas's script.
Upvotes: 1
Related Questions
- How can I dump only outgoing IP packets in tcpdump?
- How to capture traffic from multiple interfaces using pcap
- How to record the packets after iptables?
- Listening with a script to tcpdump output pcaps
- Capture incoming traffic in tcpdump
- Capture TCP-Packets with Python
- Capturing on a non-default interface with tcpdump
- two instances of tcpdump at the same time?
- tcpdump: capture outgoing packets on virtual interfaces that has an unknown link type to libpcap?
- libpcap - capture packets from all interfaces