how can I dump only outgoing IP packets in tcpdump?

ip packet packet-capture tcpdump arp
Ricky Robinson picture Ricky Robinson · Jun 5, 2012 · Viewed 24.8k times · Source

I'm dumping outgoing traffic. I only want TCP and UDP packets destined outside my LAN, nothing else. I just used the following filter with tcpdump:

ip and (tcp or udp) and (not icmp) and src host myIPAddr and not dst net myNet/myNetBits and not ip broadcast

But I captured the following packet:

###[ Ethernet ]###
  dst       = ff:ff:ff:ff:ff:ff
  src       = 00:1e:4a:e0:9e:00
  type      = 0x806
###[ ARP ]###
     hwtype    = 0x1
     ptype     = 0x800
     hwlen     = 6
     plen      = 4
     op        = who-has
     hwsrc     = 00:1e:4a:e0:9e:00
     psrc      = X.X.X.X
     hwdst     = 00:00:00:00:00:00
     pdst      = Y.Y.Y.Y
###[ Padding ]###
        load      = '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'

What happened here? I thought I was dumping only IP packets.

Answer

Antonio Petricca picture Antonio Petricca · Mar 5, 2018

Set filtering on your host as a source:

tcpdump src <YOUR_IP>

Related questions

Send packet and change its source IP

Lets say I have an application written in python to send a ping or e-mail. How can I change the source IP address of the sent packet to a fake one, using, e.g., Scapy? Consider that that the IP …

Read More
How can I send a simple HTTP request with a lwIP stack?

Please move/close this if the question isn't relevant. Core: Cortex-M4 Microprocessor: TI TM4C1294NCPDT. IP Stack: lwIP 1.4.1 I am using this microprocessor to do some data logging, and I want to send some information to a separate web …

Read More
Send Raw IP packet in C#, everything above the ethernet layer

I don't want to modify the ethernet portions of the frame, but I need to modify the IP packet and the data portion of the frame. I try sending a raw frame and it still puts in the IP information. …

Read More