I have got Wireshark installed and I am wanting to monitor the traffic to and from a specific IP address, so what would be really useful would be if I could get Wireshark to start by itself on startup and then start capturing packets on eth0 which are either from or to that specific IP address. It would also then be very useful for it to save the captured packets that match these specifications automatically to a directory that I would specify. I know that such a thing, or at least something similar, could be done, but I just do not know the technical detail of exactly how I would get it to work, so that is really why I am asking about it here. Even if I would not be able to get it to start up in the background on startup and start doing this by itself without launching any GUI, at least a way so that I could get it to filter and automatically save specific packets would be good (even if I would need to manually start Wireshark).

The current solution provided does not seem to be working; this is now the new contents of my /etc/network/interfaces file:

# interfaces(5) file used by ifup(8) and ifdown(8)

So is this how it should look, is a restart required, or is there any command to be executed?

OS Information: Description: Ubuntu 14.10

The suggestion is to use tcpdump to do the actual packet capturing and saving. For example (where I am using a local IP address, just for the example):

sudo tcpdump -i eth0 host 192.168.111.190 -w 'eth0-%F-%H-%M-%S.bin' -G 600

This will capture all traffic to/from 192.168.111.190 and save the entire packet to a file. You can still use Wireshark to view the packets in detail later on. To prevent huge files, and to make later investigation easier, the file name is changed every 10 minutes, with the file name containing the date and time as an identifier.
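The following script is an added example, not part of the question or the answer above. It wraps the tcpdump invocation the answer suggests in a small POSIX sh script that can be launched at boot (for instance from a systemd unit or rc.local, which are assumptions not covered by the answer): it validates the target IPv4 address and the rotation interval, writes rotated captures into a dedicated directory, and supports a DRY_RUN mode that only prints the command. The interface, host and output directory are hypothetical caller-supplied values; the only real tool assumed is tcpdump with its -i, -s, -G and -w options.

```shell
#!/bin/sh
# Added example (not the original poster's or answerer's code): builds and
# runs a time-rotated tcpdump capture for a single host, as in the answer.
# Assumes tcpdump is installed; interface, host and directory are
# hypothetical values passed in by the caller.

# is_ipv4 ADDR -> returns 0 if ADDR is a dotted-quad IPv4 address, 1 otherwise.
# Prevents a typo or an injected filter expression from reaching tcpdump.
is_ipv4() {
    addr=$1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split on dots into positional parameters
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            ''|*[!0-9]*) return 1 ;;   # empty or non-numeric octet
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_capture_cmd IFACE HOST OUTDIR [SECONDS] -> prints the tcpdump command.
# -s 0 keeps the whole packet; -G rotates the file every SECONDS seconds;
# the -w name uses strftime(3) fields so each file carries its start time.
build_capture_cmd() {
    iface=$1 host=$2 outdir=$3 rotate=${4:-600}
    is_ipv4 "$host" || { echo "invalid IPv4 address: $host" >&2; return 1; }
    case $rotate in
        ''|*[!0-9]*) echo "rotation interval must be a number of seconds" >&2; return 1 ;;
    esac
    printf 'tcpdump -i %s -s 0 host %s -G %s -w %s/%s-%%F-%%H-%%M-%%S.pcap\n' \
        "$iface" "$host" "$rotate" "$outdir" "$iface"
}

# run_capture IFACE HOST OUTDIR [SECONDS] -> creates OUTDIR and execs tcpdump.
# With DRY_RUN set, only prints the command (useful when testing a boot script).
run_capture() {
    cmd=$(build_capture_cmd "$@") || return 1
    mkdir -p "$3" || return 1
    if [ -n "$DRY_RUN" ]; then
        echo "$cmd"
        return 0
    fi
    # shellcheck disable=SC2086
    exec $cmd
}

# Example invocation when run directly (hypothetical values):
#   DRY_RUN=1 sh capture.sh eth0 192.168.111.190 /var/captures 600
if [ "$#" -ge 3 ]; then
    run_capture "$@"
fi
```

Because tcpdump needs root (or CAP_NET_RAW) to open the interface, a boot-time unit would run this as root; the capture directory should be readable only by the accounts that need to inspect the pcap files, since full-packet captures of a host contain everything that host sent and received.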