I'm trying to capture packets from two devices on my network.
I have tcpdump installed on my dd-wrt router and working correctly.
However, the only packets I capture are broadcast packets when using a tcpdump statement that states only those two devices:
./tcpdump -w /tmp/capture.pcap dst 192.168.3.105 or src 192.168.3.105 or dst 192.168.3.136 or src 192.168.3.136
I'm capturing on interface br0. Is that correct?
Both devices are plugged in directly to the ports 1 and 2 with ip addresses 192.168.3.105 and 192.168.3.136 respectively.
Do I need to set br0 in promiscuous mode?
A little stuck. Thanks.
I did a bit of this a couple of years ago with my dd-wrt and looking at my old installation notes and scripts, I didn't have to put anything into promiscuous mode. I also didn't specify an interface for tcpdump. Here is the command I was using that was working for me:
/opt/sbin/tcpdump -s 1024 'host 192.168.1.111 and ((greater 137 and less 139) or (greater 900 and less 1024))' -w `date +%Y.%m.%d-%H.%M`-tcp.dmp -n -U -C 1
What happens if you use:
./tcpdump -w /tmp/capture.pcap 'host 192.168.3.105 or host 192.168.3.136'
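As an added example that is not part of either post: a Python check that reads a capture like /tmp/capture.pcap and counts frames by destination MAC type for each watched host, to confirm whether anything other than broadcast traffic was recorded. The function names and the sample frames are constructed for illustration, and it assumes untagged Ethernet/IPv4 in classic pcap format.

```python
import socket
import struct
from collections import Counter

MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap magic -> byte order

def classify_pcap(data, hosts):
    """Count frames by destination MAC type, overall and per watched IPv4 host."""
    end = MAGIC.get(data[:4])
    if end is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, off = Counter(), 24
    while off + 16 <= len(data):
        incl = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < incl or len(frame) < 14:
            continue  # truncated record or runt frame
        if frame[:6] == b"\xff" * 6:
            kind = "broadcast"
        elif frame[0] & 1:  # group bit of the destination MAC
            kind = "multicast"
        else:
            kind = "unicast"
        counts[kind] += 1
        # Untagged IPv4 only: source address at bytes 26-29, destination at 30-33
        if frame[12:14] == b"\x08\x00" and len(frame) >= 34:
            seen = {socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])}
            for host in seen & set(hosts):
                counts[(host, kind)] += 1
    return counts

def build_sample():
    """Constructed capture: four header-only Ethernet/IPv4 frames."""
    def frame(dst_mac, src, dst):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return dst_mac + b"\x02\x00\x00\x00\x00\x01\x08\x00" + ip
    frames = [frame(b"\xff" * 6, "192.168.3.105", "192.168.3.255"),
              frame(b"\xff" * 6, "192.168.3.136", "192.168.3.255"),
              frame(b"\x02\x00\x00\x00\x00\x02", "192.168.3.105", "192.168.3.1"),
              frame(b"\x01\x00\x5e\x00\x00\xfb", "192.168.3.136", "224.0.0.251")]
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    print(dict(classify_pcap(build_sample(), ["192.168.3.105", "192.168.3.136"])))
```

For a real capture, pass the bytes of the file copied off the router to `classify_pcap` in place of `build_sample()`; a result with no unicast entries for either host matches the symptom described in the question.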