I have a completely noob question. I want to see all packets that come to my computer from particular site (google.com). So I start tcpdump
sudo tcpdump -i eth0 host google.com
and enter google.com in a browser and hit enter – nothing gets captured.
I can't figure out why it happen.
What do I do wrong?
Edit
It appeared that I was listening to the wrong interface. I had changed eth0 to any and it worked. It was ppp1 that needed listening. Thanks for your answers!
Best Answer
There are several possibilities.
1- You are listening on the wrong the interface
eth0,eth1, etc.2- You did not wait enough for the packets to show up. Packets are not shown immediately unless you specify
-nto disable name resolution.3- You are filtering based on the wrong IP address as suggested by "Nathan Adams".