Sigh.

I've looked the manual over for tcpdump:

http://www.tcpdump.org/tcpdump_man.html

I've tried the commands:

---
jim@jim-lappy:~$ sudo tcpdump -s 0 -w -i file.pca host 10.0.1.4
[sudo] password for jim:
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: syntax error
jim@jim-lappy:~$ sudo tcpdump -s 0 -w -i any file.pca host 10.0.1.4
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: syntax error
jim@jim-lappy:~$ sudo tcpdump -s 0 -w -i any file.pca
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: syntax error
jim@jim-lappy:~$
---

The man page doesn't give enough examples to tell me how to do this.  Dangit...any idea what the exact syntax might be?

WAIT, nevermind, on a hunch I tried using Wireshark with sudo.  Bingo.  Would have been nice to know...sigh.

Jim

On Tue, Feb 22, 2011 at 12:15 PM, Matt Graham <danceswithcrows@usa.net> wrote:
From: Jim March <1.jim.march@gmail.com>
> jim@jim-lappy:~$ sudo tcpdump -s 0 -w file.pca host 10.0.1.4
> tcpdump: WARNING: eth0: no IPv4 address assigned
> tcpdump: listening on eth0, link-type EN10MB (Ethernet)
>
> This comes closer, but...it's still listening on eth0.
> How do I point it to wlan0?

The Fine Manual for tcpdump suggests the -i option.  tcpdump goes to the
lowest-numbered interface by default, which is sensible, but is not always
what you want.

--
Matt G / Dances With Crows
The Crow202 Blog:  http://crow202.org/wordpress/
There is no Darkness in Eternity/But only Light too dim for us to see

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss