Andrew G. Watters

Results 5 comments of Andrew G. Watters

Could you bridge the connections and capture on that interface? I haven't done that with tcpdump but I've done it with Snort, and it seems to work great. In testing...

I tried bridging with tcpdump today and it worked fine. Just tap the connection and bridge send and receive, and you get a capture file that shows everything.

> Not everything. AFAICS you'll get all packets intermingled with no information on which interface each packet is from.

You're right, I don't get interface in the capture on...

Thanks, actually I edited my post to remove the Mac OS X section because I realized that I was capturing on "any" interface rather than on a bridged connection, so...

As a start, I'm looking at identifying in the output which interface the packets came in on when capturing on a bridged connection. I'm new to this project; anyone know...