Posted By Tony Marques on 03/26/2013 12:34 PM
Hi Steve,
After I read your post I realize what I was doing "wrong". I was limiting my tcptump to destination port 4000. Therefore, that would only give me traffic in one direction. I removed that option and I'm now seeing everything I want to see (too much in fact).
Thanks,
Tony
If you just do this:
tcpdump -ni <host> and <port>
this will capture all traffic to/from and to/from port 4000. This should limit the traffic to what you want, but still see both directions. Sorry about the original post, my gt and lt chars got munged...