|Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides
|Understanding pcap-filter/tcpdumps 'localnet' background
|Page 1 of 1|
|Author:||mabra [ Thu Oct 01, 2015 3:10 pm ]|
|Post subject:||Understanding pcap-filter/tcpdumps 'localnet' background|
In all tcpdump docs, one can find this - or a similar - line:
To select traffic neither sourced from nor destined for local hosts (if you gateway to one other net, this stuff should never make it onto your local net).
ip and not net localnet
I really needed some time to find out, that the mentioned 'localnet' must be in '/etc/networks' - which was not the case for me, wether for my debian squeeze nor for my ubunto 12. I added it - but, ether I dont understand or something does not work.
I see all traffic from and to the local box comin/going to other computer.
If I use instead
ip and (not net 192.168.26.0/24)
If someone could this explain, this woul me make a little happier
I need it that often. Excluding the localhost by its name works.
Thanks anyway and
|Page 1 of 1||All times are UTC - 5 hours [ DST ]|
|Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group