Wireshark mailing list archives
Re: capturing packets on two interfaces: eth0 and lo
From: Guy Harris <guy () alum mit edu>
Date: Wed, 31 Oct 2012 09:35:23 -0700
On Oct 31, 2012, at 7:18 AM, esolve esolve <esolvepolito () gmail com> wrote:
I'm capturing packets related to a program which uses a local socks proxy, the packets on eth0 are encrypted while the packets on lo are corresponding decrypted content. I'm wondering whether it is possible to simultaneously capturing packets on two interfaces: eth0 and lo, and output the packets into two different files?
Yes, by running two instances of tcpdump, dumpcap, TShark, or Wireshark. It's also possible to simultaneously capture on two interfaces and output the packets into *one* file with a single instance of dumpcap, TShark, or Wireshark, but not tcpdump (which can't write pcap-ng files). It's not possible to simultaneously capture on two interfaces and output the packets into separate files with one instance of any of the programs listed above. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- capturing packets on two interfaces: eth0 and lo esolve esolve (Oct 31)
- Re: capturing packets on two interfaces: eth0 and lo Guy Harris (Oct 31)
- Re: capturing packets on two interfaces: eth0 and lo esolve esolve (Oct 31)
- Re: capturing packets on two interfaces: eth0 and lo Guy Harris (Oct 31)
- Re: capturing packets on two interfaces: eth0 and lo esolve esolve (Oct 31)
- Re: capturing packets on two interfaces: eth0 and lo Guy Harris (Oct 31)