Hello, When you say you have no outbound traffic, it may be normal.
You want to capture flows Ipsec? if so, do you have packet that moved through the tunnel? is: tcpdump -i eth0 -n -s 0 -vv \(port 500 or port 4500 or proto 50\) no specifying host and send a sample Regards, fred -- On 13 February 2011 15:15, Kaushal Shriyan <kaushalshri...@gmail.com> wrote: > On Fri, Feb 11, 2011 at 8:40 PM, Kaushal Shriyan > <kaushalshri...@gmail.com>wrote: > > > On Fri, Feb 11, 2011 at 4:49 PM, frederic lubrano < > > frederic.lubr...@gmail.com> wrote: > > > >> tcpdump -i eth0 -n -s 0 -vv \(port 500 or port 4500 or proto 50\) and > >> host > >> xxx.xxx.xxx.xxx > >> -- > >> > >> > > Hi Frederic > > > > Not sure I understand the command *tcpdump -i eth0 -n -s 0 -vv \(port 500 > > or port 4500 or proto 50\) and host xxx.xxx.xxx.xxx* > > > > What does port 500 4500 and proto 50 mean and how about src host and > > destination host since you have mentioned about only one > > " host xxx.xxx.xxx.xxx" > > > > Please help me understand. > > > > Thanks > > > > Kaushal > > > > > Hi Frederic > > I was eagerly waiting for your reply. Please help me understand. > > Thanks > > Kaushal > > > > > > >> > >> On 11 February 2011 05:27, Kaushal Shriyan <kaushalshri...@gmail.com> > >> wrote: > >> > >> > On Thu, Feb 10, 2011 at 2:09 PM, Kaushal Shriyan > >> > <kaushalshri...@gmail.com>wrote: > >> > > >> > > Hi > >> > > > >> > > When i run the command tcpdump -i eth0 -s0 host IP and host IP , I > >> just > >> > see > >> > > only incoming traffic and not outgoing traffic. I am using IPSec > >> > > Application. > >> > > > >> > > Please suggest/guide and let me know if you need any further > >> information. > >> > > > >> > > Thanks > >> > > > >> > > Kaushal > >> > > > >> > > > >> > > >> > Hi > >> > > >> > Can someone please guide/suggest me about my earlier post to this > >> Mailing > >> > List. > >> > > >> > Thanks > >> > > >> > Kaushal > >> > - > >> > This is the tcpdump-workers list. > >> > Visit https://cod.sandelman.ca/ to unsubscribe. > >> > > >> - > >> This is the tcpdump-workers list. > >> Visit https://cod.sandelman.ca/ to unsubscribe. > >> > > > > > - > This is the tcpdump-workers list. > Visit https://cod.sandelman.ca/ to unsubscribe. > - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
