How do I arrange to capture only packets of interest?

retag add tags

Hi, my PCAP files for 2 hours of sniffing are around 50GB.

I am using kali linux on a VM. I have ettercap doing ARP poisoning

RP poisoning victims:

GROUP 1 : 192.168.1.1 08:55:31:36:74:75

GROUP 2 : 192.168.1.14 B0:35:B5:D7:FC:D7

what should the file size be? how to fix the issue?

thanks a lot

mackmester

asked 2021-05-06 07:00:09 +0000

19.9k

Guy Harris

updated 2021-05-07 05:38:19 +0000

edit flag offensive 0 remove flag close merge delete

Comments

what should the file size be?

A function of the number of packets captured and of the average size of the packets captured. :-)

On how many interfaces are you capturing, and how fast are those interfaces?

Guy Harris (2021-05-06 07:36:01 +0000) edit

Frankly, 50GB in 2 hours is not that much if you are playing around. So the problem might be mainly your assumption. And I expect that the sort of thing you are doing will result in mch more traffic getting send to your client..

hugo.vanderkooij (2021-05-06 08:44:02 +0000) edit

my intent was to capture just what goes on between 192.168.1.1 and 192.168.1.14 i don't need everything else captured on my network

but it seems like its capturing everything..

how do i make it capture just the traffic for 192.168.1.14 & 192.168.1.1 (the exchanges between them)

mackmester (2021-05-06 11:07:29 +0000) edit

add a comment see more comments

How do I arrange to capture only packets of interest?

Comments

1 Answer

Comments

Your Answer

How do I arrange to capture only packets of interest? edit

Comments

1 Answer

Comments

Your Answer

How do I arrange to capture only packets of interest?