tcpdump with multiple dst IP addresses?

Question

Can I specify more than 1 dst ip address for tcpdump? If not, how shall I filter the information nicely if I only want the traffic for two specific destinations? Thank you very much!

score 14 · Accepted Answer · answered Jan 13 '14 at 18:41

14

Yes, you could have a filter with multiple "dst host XXX.XXX.XXX.XXX" clauses connected by "or", such as "dst host 192.9.200.1 or dst host 192.9.200.2".

answered Jan 13 '14 at 18:41

score 2 · Answer 2 · answered Mar 08 '17 at 07:09

2

Yes you can add multiple source or destination ip addresses for tcpdump as a filter to your capture. Use "dst host XXXXXX or dst host XXXXX or dst host XXXX" as a filter after your tcpdump command.

you can find several other filters with example on: http://rationallyparanoid.com/articles/tcpdump.html

answered Mar 08 '17 at 07:09

Prashant Kumar

2,057
2
9
22

1

It's like, a repeated answer, isn't it :/ ? – ivanleoncz Apr 12 '18 at 18:28
May look like repeated but i tried to explain in my own words. Also I gave a link which is more helpful than any written answers. #peace – Prashant Kumar Apr 18 '18 at 06:16
Dead link as of 16 March 2021 – LapplandsCohan Mar 16 '21 at 13:03
Archive link: https://web.archive.org/web/20190213191324/https://www.rationallyparanoid.com/articles/tcpdump.html – PFudd Dec 18 '22 at 05:17

tcpdump with multiple dst IP addresses?

2 Answers2