Networking
cancel
Showing results for 
Search instead for 
Did you mean: 

tcpdump to a logical interface

CharliePuyol
Advisor

tcpdump to a logical interface

i cant make a tcpdump to a logical interface (lan0:1) how can i filter the packages? is there a way to filter through an IP address?
2 REPLIES
Matti_Kurkela
Honored Contributor

Re: tcpdump to a logical interface

The tcpdump command can filter in many ways, including by IP address. Read "man tcpdump".

For example, if the IP address of lan0:1 is 10.1.1.1, you might use:

tcpdump -i lan0 host 10.1.1.1

If you want to dump only traffic between lan0:1 and one specific host, you might use:

tcpdump -i lan0 host 10.1.1.1 and host 10.2.2.2

MK
MK
rick jones
Honored Contributor

Re: tcpdump to a logical interface

"i cant make a tcpdump to a logical interface (lan0:1)"

Correct - tcpdump uses DLPI, and for any one "physical" (as seen by the transport) interface there is only the one DLPI interface. The logical interfaces are purely in the imagination of the transport - the multiplex onto the one DLPI PPA, and the transport handles the demux on the way in.

I see someone else has already touched on tcpdump filter expressions as a way to filter packets based on IP addresses (and other things).
there is no rest for the wicked yet the virtuous have no pillows