...
Based on the manpage of tcpdump(8) from Debian jessie's tcpdump version 4.3.0-1.
Option | Purpose | Example |
---|---|---|
-B buffersize | set buffer size to buffersize kilobytes | -B 4096 |
-c count | exit after count packets | -c 100 |
-F file | read filter expression from file | -F mycomplexfilter1.txt |
-i interface | Listen on interface | -i eth1 |
-w file | write packets to file rather than decoding them to stdout | -w mydump1.pcap |
-Z user | after opening input device but before opening output file, change user ID to user; useful to avoid chown-calls after each tcpdump run | -Z jdoe |
expression | filter expression, see manpage pcap-filter(7) and next chapter | 'expression' |
...
2. "Interrupt" the ethernet connection with a Linux machine set up as a software bridge. If successful, maybe apply for a job with the NSA or your country's sister organization.
Avoiding 'packets dropped by kernel'
Use -B to increase the capture buffer size. The size specified is in KB, i.e. -B 1024 sets the buffer to 1 MB.
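
An added example (not from the original page or the tcpdump project): tcpdump prints a three-line summary to stderr when it exits, and this script reads the 'packets dropped by kernel' line to decide whether -B should be raised for the next run. The function names, the doubling policy and the sample summary text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: use tcpdump's exit summary to decide whether -B needs raising.

# Constructed sample of what tcpdump writes to stderr during and after a capture.
SAMPLE_SUMMARY='tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
100000 packets captured
104200 packets received by filter
4200 packets dropped by kernel'

# Print the number from a "<n> packets <what>" summary line, or 0 if absent.
#   $1 = summary text, $2 = counter name, e.g. "dropped by kernel"
summary_count() {
    printf '%s\n' "$1" | awk -v what="packets $2" '
        index($0, what) { n = $1 }
        END { print n + 0 }'
}

# Print the -B value (in KB) to use for the next run: double the current
# value if the kernel dropped packets, otherwise keep it unchanged.
#   $1 = summary text, $2 = current -B value in KB
next_buffer_kb() {
    if [ "$(summary_count "$1" "dropped by kernel")" -gt 0 ]; then
        echo $(( $2 * 2 ))
    else
        echo "$2"
    fi
}

# Hypothetical use with a live capture (needs capture privileges; not run here):
#   tcpdump -i eth1 -B 1024 -c 100000 -w mydump1.pcap 2> summary.txt
#   next_buffer_kb "$(cat summary.txt)" 1024
```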