I need to capture traffic on a CentOS 5 server which acts as a web proxy with 2 wan interfaces and 1 LAN. In order to troubleshoot a weird proxy problem, I would like to have a capture of a full conversation. Since external connections are balanced between the two WAN interfaces, I wonder if is it possible to capture simultaneously on all interfaces.
I have used tcpdump previously but it only admits one interface at a time. I can launch 3 parallel processes to capture on all interfaces but then I end up with 3 different capture files.
What is the right way of doing this ?
Best Answer
According to the tcpdump man page:
On Linux systems with 2.2 or later kernels, an interface argument of ‘‘any’’ can be used to capture packets from all interfaces. Note that captures on the ‘‘any’’ device will not be done in promiscuous mode.
So you should be able to run:
tcpdump -i anyin order to capture data on all interfaces at the same time into a single capture file.