Hello, I want to capture packets passing through multiple interface on linix machine. I tried 1. "dumpcap -i eth1 eth2 ....." 2. "dumpcap -i eth1 -i eth2 ....." But nothing work. I don't want to use "dumpcap -i any ...." because it will capture some undesired traffic as well. I am currently using dumpcap version: Dumpcap 1.6.6 (SVN Rev Unknown from unknown) Copyright 1998-2012 Gerald Combs [email protected] and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GLib 2.30.1, with libpcap (version unknown), with libz 1.2.5, with POSIX capabilities (Linux). Running on Linux 3.1.10-gb14-default, with libpcap version 1.1.1, with libz 1.2.5. Built using gcc 4.6.2." asked 29 Oct '14, 02:18  ankitkamal |
One Answer:
can you please try a newer version of dumpcap, as I believe the feature to capture on multiple interfaces was implemented later. Regards answered 29 Oct '14, 02:41  Kurt Knochner ♦ |
Yes, that feature was added in Wireshark 1.8.0. See the Release Notes.
thanks for the link!