Capture Traffic By An IP Address Or A Network

tcpdump can filter traffic by IP address or by network. Examples are below.

Capture Traffic by an IP Address

To capture traffic for an IP address, use the host argument.

sudo tcpdump host 1.1.1.1

This captures both outgoing and incoming traffic for the IP address (1.1.1.1 in the example above).

Capture Traffic from one direction

If you only want to capture traffic in one direction, use the src or dst argument.

sudo tcpdump src 1.1.1.1
sudo tcpdump dst 1.1.1.1

Capture Traffic by a Network

To capture traffic for a network or subnet, use the net argument.

sudo tcpdump net 1.2.3.0/24
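
The host, src, dst and net filters above can be built from a script once the address has been checked. The following is an added example, not part of the original page; build_filter and ipv4_to_int are hypothetical helper names. It accepts an IPv4 address or CIDR only, and rejects a CIDR with host bits set, which libpcap refuses with "non-network bits set".

```shell
#!/bin/sh
# Added example. build_filter and ipv4_to_int are hypothetical helpers,
# not tcpdump features.

# Print the 32-bit integer for a dotted-quad IPv4 address; return 1 if malformed.
ipv4_to_int() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # No leading zeros and at most three digits per octet.
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# build_filter DIRECTION TARGET
#   DIRECTION: both | src | dst     TARGET: IPv4 address or IPv4 CIDR
# Prints a tcpdump filter expression; returns 1 on input that is not a
# plain address or network, so nothing else can be added to the filter.
build_filter() {
    case "$1" in
        both)    qualifier="" ;;
        src|dst) qualifier="$1 " ;;
        *)       return 1 ;;
    esac
    case "$2" in
        */*)
            addr=${2%/*}; prefix=${2#*/}
            case "$prefix" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
            [ "$prefix" -le 32 ] || return 1
            value=$(ipv4_to_int "$addr") || return 1
            # Host bits must be zero for a net filter.
            hostmask=$(( (1 << (32 - $prefix)) - 1 ))
            [ $(( $value & $hostmask )) -eq 0 ] || return 1
            echo "${qualifier}net $2" ;;
        *)
            ipv4_to_int "$2" >/dev/null || return 1
            echo "${qualifier}host $2" ;;
    esac
}

# Usage (needs root and a live interface, so it is left commented out):
#   sudo tcpdump -nn "$(build_filter src 1.2.3.0/24)"
```
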

Source: Danielmiessler