[Snort-sigs] Traffic Capture

wkitty42 at windstream.net
Fri Dec 8 04:43:46 EST 2017


On 12/08/2017 04:20 AM, Syed Hammad Tahir wrote:
> I am specifically interested in capturing the ARP request data. Any help will
> be appreciated.

if all you are wanting to do is capture traffic, why not use tcpdump or 
wireshark? that's what they do... something like this should do...

   tcpdump -i eth0 -s0 -w arp_traffic.pcap 'arp or icmp'

check the tcpdump docs to understand the options given...

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*
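
Once a capture like the one above has been written, the ARP requests can be pulled out of the file offline. The Python below is an added example, not part of the original message: it assumes a classic-format pcap (not pcapng) with Ethernet link type and untagged frames, and the function names and the sample packets (documentation addresses, locally administered MACs) are constructed for illustration.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
def arp_requests(pcap_bytes):
    """Return (sender_mac, sender_ip, target_ip) for each ARP request found."""
    magic = pcap_bytes[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # little-endian writer
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # big-endian writer
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack_from(endian + "I", pcap_bytes, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    found, offset = [], 24                       # 24-byte global header
    while offset + 16 <= len(pcap_bytes):        # 16-byte per-packet header
        incl_len = struct.unpack_from(endian + "I", pcap_bytes, offset + 8)[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 42:                      # 14 Ethernet + 28 ARP bytes
            continue
        if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_ARP:
            continue                             # e.g. ICMP matched by the filter
        fixed = struct.unpack_from("!HHBBH", frame, 14)
        if fixed != (1, 0x0800, 6, 4, 1):        # Ethernet/IPv4, opcode 1 = request
            continue
        sha, spa, _tha, tpa = struct.unpack_from("!6s4s6s4s", frame, 22)
        mac = ":".join("%02x" % b for b in sha)
        found.append((mac, socket.inet_ntoa(spa), socket.inet_ntoa(tpa)))
    return found

def sample_pcap():
    """Constructed capture: one ARP request, one ARP reply, one IPv4 frame."""
    def record(frame):
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    def arp(oper, dst, sha, spa, tha, tpa):
        return (dst + sha + struct.pack("!HHHBBH", ETHERTYPE_ARP, 1, 0x0800, 6, 4, oper)
                + sha + socket.inet_aton(spa) + tha + socket.inet_aton(tpa))
    a, b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    request = arp(1, b"\xff" * 6, a, "192.0.2.10", b"\x00" * 6, "192.0.2.1")
    reply = arp(2, a, b, "192.0.2.1", a, "192.0.2.10")
    ipv4 = a + b + struct.pack("!H", 0x0800) + b"\x00" * 28
    return header + record(request) + record(reply) + record(ipv4)

if __name__ == "__main__":
    for mac, ip, target in arp_requests(sample_pcap()):
        print("%s (%s) asks who has %s" % (mac, ip, target))
```

To run it on a real capture, pass `open("arp_traffic.pcap", "rb").read()` to `arp_requests` instead of the constructed sample.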

