I'm trying to figure out why my MacBook is unable to reach the web page served by my Raspberry Pi while other computers on my local network (or on external networks) have no problems seeing the web page.
Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto (and often de jure) standard across many industries and educational institutions.
I have a doubt that involves the following configuration.
Comp1 sends an ICMP packet to main. Main takes that packet and changes the destination address to comp2 and the source address to its own.
I can capture the packet sent from comp1 to main using netfilter. I can see the packet and its content.
I have a server with a NT20E Capture Card (2x10Gb Packet Capture Card over PCI Express). I want to be able to dump the output to a pcap format but because this isn't listed as an ethX-interface tcpdump is unable to capture data.
My question now: how am I able to dump the data that this card receives on its interfaces?
I am trying to set up a filter (so my log files aren't massive) that will capture only incoming traffic. I have looked on http://wiki.wireshark.org/CaptureFilters but so far have been unable to find a way to do this. Does anyone know how?
Just as a side question, when logging to multiple files in Wireshark, can you view full packet information at a later time?