Question

Platform: Fedora 13, 32-bit machine.

I am running tshark on my client and rpcapd on my remote machine. Here is an example:

Remote machine: IP address 192.168.100.100 (say) and interface name eth1 (say)

    bash$ sudo ./rpcapd -n

Client side: IP address 192.168.100.200

    bash$ sudo tshark -w output.pcap -i rpcap://192.168.100.100/eth6 -f "ip proto 132"

The packet capture runs successfully and packets are being captured. But it also captures packets to and from my own machine's interfaces, which are not related to the remote machine's interface.

Please help me understand this.

Solution 2

The problem occurred due to promiscuous mode.

I tried this:

    $ sudo tshark -p -w output.pcap -i rpcap://192.168.100.100/eth6 -f "ip proto 132"

and it worked! The option -p means that the interface will not be put into promiscuous mode.

Here are the details: https://www.wireshark.org/docs/man-pages/tshark.html

OTHER TIPS

You can exclude traffic to your capture host by adding a filter:

 tshark -f '(host not 192.168.100.200) and (ip proto 132)'
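
To confirm that either fix above took effect, the saved capture can be audited offline. The following is an added example, not part of the original posts: it assumes the file was written in classic pcap format (for example with tshark's `-F pcap`) on an Ethernet link, and the third host 192.168.100.50 and the sample frames are constructed for illustration.

```python
import socket
import struct

CAPTURE_HOST = "192.168.100.200"  # client address from the question
SCTP = 132                        # protocol number in the page's "ip proto 132" filter

def audit_pcap(data, capture_host=CAPTURE_HOST, proto=SCTP):
    """Count frames in classic-pcap bytes that fall outside the intended capture."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack_from(order + "I", data, 20)[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    host = socket.inet_aton(capture_host)
    stats = {"total": 0, "other_proto": 0, "capture_host": 0}
    pos = 24  # first record follows the 24-byte global header
    while pos + 16 <= len(data):
        incl_len = struct.unpack_from(order + "I", data, pos + 8)[0]
        frame = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        stats["total"] += 1
        # Untagged Ethernet + IPv4: protocol at byte 23, src 26..29, dst 30..33
        is_ipv4 = len(frame) >= 34 and frame[12:14] == b"\x08\x00"
        if not is_ipv4 or frame[23] != proto:
            stats["other_proto"] += 1
        if is_ipv4 and host in (frame[26:30], frame[30:34]):
            stats["capture_host"] += 1
    return stats

def _frame(src, dst, proto):
    """Constructed Ethernet + IPv4 header only (no payload, checksum left at 0)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip

def build_sample():
    """Constructed capture: one wanted SCTP frame, one from the client, one TCP."""
    frames = [_frame("192.168.100.100", "192.168.100.50", SCTP),
              _frame("192.168.100.200", "192.168.100.100", SCTP),
              _frame("192.168.100.50", "192.168.100.100", 6)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(audit_pcap(build_sample()))
```

On a real capture, pass `open("output.pcap", "rb").read()` to `audit_pcap`; non-zero `other_proto` or `capture_host` counts mean the capture still contains traffic outside the intended scope.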
Licensed under: CC-BY-SA with attribution