Capturing on a non-default interface with tcpdump

Question

O/P of if config is

[root@test2 ~]# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3045306 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3045306 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:969363066 (924.4 MiB)  TX bytes:969363066 (924.4 MiB)

p4p1      Link encap:Ethernet  HWaddr F0:4D:A2:F7:CE:20
          inet addr:192.168.250.58  Bcast:192.168.250.255  Mask:255.255.255.0
          inet6 addr: fe80::f24d:a2ff:fef7:ce20/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:222163621 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29525032 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:67504475609 (62.8 GiB)  TX bytes:13910424527 (12.9 GiB)

virbr0    Link encap:Ethernet  HWaddr 52:54:00:3C:38:60
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

when i executed tcpdump , o/p is

root@test2 ~]# tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on virbr0, link-type EN10MB (Ethernet), capture size 65535 bytes

where it is listening to vibra0 interface as default. I want to set p4p1 interface as default interface so that i may get appropriate o/p when executing tcpdump.

Any solutions.

Answer 1

You cannot change tcpdump's default interface (unless you hack either tcpdump or libpcap's code).

You can, however, tell tcpdump to capture on a particular interface by using the -i option:

tcpdump -i p4p1