How to capture traffic between two specific hosts with tcpdump
Filter tcpdump captures to show only traffic between two specific IP addresses.
Prerequisites
- tcpdump installed with root or sudo access.
Step-by-Step: Capture Traffic Between Hosts with tcpdump
1. Use the `host` filter with `and` to capture bidirectional traffic between two IPs:

    sudo tcpdump -i eth0 host 10.0.0.1 and host 10.0.0.2

2. Restrict to a specific protocol:

    sudo tcpdump -i eth0 host 10.0.0.1 and host 10.0.0.2 and tcp

3. Restrict to a specific port:

    sudo tcpdump -i eth0 host 10.0.0.1 and host 10.0.0.2 and port 5432

4. Disable hostname and port name resolution (`-nn`) for faster output:

    sudo tcpdump -nn -i eth0 host 10.0.0.1 and host 10.0.0.2
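
The steps above combined into one script, as an added example that is not part of the original page: it builds the two-host filter from variables and validates each piece before it reaches tcpdump, which matters when the addresses come from a ticket or another script. The function names and the IFACE variable are assumptions of this example, and it accepts IPv4 addresses only.

```shell
#!/bin/sh
# Added example (not from the original page). Function names and the IFACE
# variable are assumptions of this example; IPv4 addresses only.

# is_ipv4 ADDR: succeed only for a dotted quad whose octets are 0-255
is_ipv4() {
    case $1 in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    (   # subshell keeps IFS and the positional parameters local
        IFS=.
        set -- $1
        [ $# -eq 4 ] || exit 1
        for octet in "$@"; do
            [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
        done
    )
}

# build_filter HOST_A HOST_B [PROTO] [PORT]: print the capture filter
build_filter() {
    is_ipv4 "$1" && is_ipv4 "$2" || { echo "invalid host address" >&2; return 1; }
    filter="host $1 and host $2"
    case ${3:-} in
        "") ;;
        tcp|udp|icmp) filter="$filter and $3" ;;
        *) echo "unsupported protocol: $3" >&2; return 1 ;;
    esac
    if [ -n "${4:-}" ]; then
        # 'port' only applies to protocols that have ports
        [ "${3:-}" != icmp ] || { echo "icmp has no ports" >&2; return 1; }
        case $4 in *[!0-9]*) echo "invalid port: $4" >&2; return 1 ;; esac
        [ ${#4} -le 5 ] && [ "$4" -ge 1 ] && [ "$4" -le 65535 ] ||
            { echo "invalid port: $4" >&2; return 1; }
        filter="$filter and port $4"
    fi
    printf '%s\n' "$filter"
}

# capture_between HOST_A HOST_B [PROTO] [PORT]: run the capture
capture_between() {
    filter_expr=$(build_filter "$@") || return 1
    # One quoted argument: the shell never re-splits or globs the filter
    sudo tcpdump -nn -i "${IFACE:-eth0}" "$filter_expr"
}

# Usage: capture_between 10.0.0.1 10.0.0.2 tcp 5432
```

Pass an empty string as the third argument to filter on a port without naming a protocol, for example `capture_between 10.0.0.1 10.0.0.2 "" 5432`.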