Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 2638 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Filtering dropped packages

bonne
Hi.

What is the appropriate way to package capture dropped packets using tcpdump?

Lets say I want to capture all dropped packages on eth3 to or from 1.2.3.4?

I guess it is something like:

tcpdump -i eth3 host 1.2.3.4

... but as I see, this is only capturing passed packets. How to do the opposite?

Regards, Lars.


This thread was automatically locked due to age.
Parents
  • 0
    Ah ok, I see what you want.  TCPDump is just looking at the raw data in the packet headers (first 96bytes) and there isn't such a thing as drop.  I suppose you could filter for only FIN which is used to terminate a connection.  You might be better off looking in the firewall logs.
Reply
  • 0
    Ah ok, I see what you want.  TCPDump is just looking at the raw data in the packet headers (first 96bytes) and there isn't such a thing as drop.  I suppose you could filter for only FIN which is used to terminate a connection.  You might be better off looking in the firewall logs.
Children
No Data