I'm dumping outgoing traffic. I only want TCP and UDP packets destined outside my LAN, nothing else. I just used the following filter with tcpdump:
ip and (tcp or udp) and (not icmp) and src host myIPAddr and not dst net myNet/myNetBits and not ip broadcast
But I captured the following packet:
###[ Ethernet ]###
dst = ff:ff:ff:ff:ff:ff
src = 00:1e:4a:e0:9e:00
type = 0x806
###[ ARP ]###
hwtype = 0x1
ptype = 0x800
hwlen = 6
plen = 4
op = who-has
hwsrc = 00:1e:4a:e0:9e:00
psrc = X.X.X.X
hwdst = 00:00:00:00:00:00
pdst = Y.Y.Y.Y
###[ Padding ]###
load = '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
What happened here? I thought I was dumping only IP packets.
Set filtering on your host as a source:
tcpdump src <YOUR_IP>