Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

Understanding pcap-filter/tcpdumps 'localnet' background
Page 1 of 1

Author:  mabra [ Thu Oct 01, 2015 3:10 pm ]
Post subject:  Understanding pcap-filter/tcpdumps 'localnet' background

Hello !
In all tcpdump docs, one can find this - or a similar - line:

To select traffic neither sourced from nor destined for local hosts (if you gateway to one other net, this stuff should never make it onto your local net).

ip and not net localnet

I really needed some time to find out, that the mentioned 'localnet' must be in '/etc/networks' - which was not the case for me, wether for my debian squeeze nor for my ubunto 12. I added it - but, ether I dont understand or something does not work.

I see all traffic from and to the local box comin/going to other computer.

If I use instead
ip and (not net

If someone could this explain, this woul me make a little happier ;-)
I need it that often. Excluding the localhost by its name works.

Thanks anyway and
best reagrds,


Page 1 of 1 All times are UTC - 5 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group