NOTE: fw monitor operates above layer 2 and does not include MAC address information, so it can't see ARP messages. tcpdump can see layer 2 ARP messages.

This is one of the most common tcpdump commands (it looks for packets between a source and a destination; the interface must be specified):

tcpdump -nni eth2 host 11.11.11.11 and host 22.22.22.22

08:02:15.043273 11.11.11.11.62044 > 22.22.22.22.https: S 1943270491:1943270491(0) win 65535

tcpdump -nni eth0
tcpdump -nni eth0 host 111.111.111.111
tcpdump -nni eth0 …
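As an added example (not part of the original post), the parser below reads the legacy tcpdump output format quoted above, reproduces the `host A and host B` selection on the parsed packets (both directions, as the BPF filter does), and counts bare SYNs per source so connection attempts can be told apart from replies. The service-name table and the sample capture lines are constructed for the example.

```python
import re
from collections import Counter, namedtuple

# Constructed subset of /etc/services, to resolve the names tcpdump prints
# for well-known ports when it is run without -nn.
SERVICE_PORTS = {"http": 80, "https": 443, "ssh": 22, "domain": 53}
# Legacy tcpdump TCP summary line, the format quoted in the post:
# 08:02:15.043273 11.11.11.11.62044 > 22.22.22.22.https: S 1943270491:1943270491(0) win 65535
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\w+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\w+):\s+"
    r"(?P<flags>[SFRP.]+)\s+.*?win\s+(?P<win>\d+)"
)

# ack is True when the line carries an ack number (SYN-ACK, ACK, PSH-ACK ...)
Packet = namedtuple("Packet", "ts src sport dst dport flags ack win")

def port_number(name):
    """'62044' -> 62044, 'https' -> 443."""
    return int(name) if name.isdigit() else SERVICE_PORTS[name]

def parse_line(line):
    """One tcpdump line -> Packet, or None for non-TCP lines (ARP, ICMP ...)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Packet(m["ts"], m["src"], port_number(m["sport"]), m["dst"],
                  port_number(m["dport"]), m["flags"], " ack " in line,
                  int(m["win"]))

def parse_capture(text):
    return [p for p in map(parse_line, text.splitlines()) if p]

def host_pair(pkts, a, b):
    """Same selection as the BPF filter 'host a and host b': both directions."""
    return [p for p in pkts if {p.src, p.dst} == {a, b}]

def syn_counts(pkts):
    """Bare SYNs (no ack number) per source: connection attempts, not replies."""
    return Counter(p.src for p in pkts if p.flags == "S" and not p.ack)

# Constructed sample capture in the same format as the post's output line.
SAMPLE = """\
08:02:15.043273 11.11.11.11.62044 > 22.22.22.22.https: S 1943270491:1943270491(0) win 65535
08:02:15.043901 22.22.22.22.https > 11.11.11.11.62044: S 88120001:88120001(0) ack 1943270492 win 29200
08:02:15.044120 11.11.11.11.62044 > 22.22.22.22.https: . ack 1 win 65535
08:02:16.100000 11.11.11.11.62045 > 33.33.33.33.ssh: S 1000:1000(0) win 65535
"""
```

Feed it `tcpdump -nn ... > capture.txt` output with `parse_capture(open("capture.txt").read())`; ARP lines are skipped by the parser, so they must be inspected separately.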