On Oct 31, 2012, at 7:18 AM, esolve esolve <esolvepolito@xxxxxxxxx> wrote:
> I'm capturing packets related to a program which uses a local socks proxy, the packets on eth0 are encrypted while the packets on lo are corresponding decrypted content.
>
> I'm wondering whether it is possible to simultaneously capturing packets on two interfaces: eth0 and lo, and output the packets into two different files?
Yes, by running two instances of tcpdump, dumpcap, TShark, or Wireshark.
It's also possible to simultaneously capture on two interfaces and output the packets into *one* file with a single instance of dumpcap, TShark, or Wireshark, but not tcpdump (which can't write pcap-ng files).
It's not possible to simultaneously capture on two interfaces and output the packets into separate files with one instance of any of the programs listed above.
