Using the commands below, I'm verifying traffic flow on an interface.
tcpdump -i v100 -nnvXSs 0 -w /tmp/tr.pcap
tcpdump -nnvXSs 0 -A -r /tmp/tr.pcap "src host ${client_ip}"
Result should contain ${client_ip}
But how do I verify there are no packets in the .pcap file? And also, how do I verify all traffic passes through?
I would write a Python module tcpdump_util and use the Python pyshark package.
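import pyshark

def collect_capture(file='tr.pcap'):
    # Open the saved capture for reading (pyshark needs tshark installed)
    return pyshark.FileCapture(file)

def get_capture_length(capture):
    # FileCapture is read lazily, so iterate to count the packets
    return len([packet for packet in capture])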
That could give you the number of packets captured. As for verification... I am not sure. You might have to capture on both sides?
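
Added example, not part of the original posts: a standard-library way to count the packets in a tcpdump capture and how many of them come from the client address, so an empty capture shows up as a zero count. It assumes the classic pcap format that `tcpdump -w` writes and untagged Ethernet frames; the function names and the sample captures are constructed for illustration.

```python
import struct

# Classic pcap magic numbers as read little-endian -> byte order of the file.
_MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}

def iter_frames(data):
    """Yield each captured frame from the bytes of a classic pcap file."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    order = _MAGICS.get(struct.unpack("<I", data[:4])[0])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    offset = 24  # records start right after the 24-byte global header
    while offset + 16 <= len(data):
        incl_len = struct.unpack(order + "I", data[offset + 8:offset + 12])[0]
        offset += 16
        if offset + incl_len > len(data):
            break  # capture was cut off mid-record
        yield data[offset:offset + incl_len]
        offset += incl_len

def count_from_source(data, src_ip):
    """Return (total packets, IPv4 packets whose source address is src_ip)."""
    want = bytes(int(part) for part in src_ip.split("."))
    total = matched = 0
    for frame in iter_frames(data):
        total += 1
        # Assumes untagged Ethernet II: EtherType at 12:14, IPv4 source at 26:30.
        if len(frame) >= 30 and frame[12:14] == b"\x08\x00" and frame[26:30] == want:
            matched += 1
    return total, matched

def _frame(src, dst):
    """Constructed sample frame: zeroed MACs and IPv4 header apart from addresses."""
    addrs = bytes(int(p) for ip in (src, dst) for p in ip.split("."))
    return bytes(12) + b"\x08\x00" + bytes(12) + addrs

def _pcap(frames):
    """Constructed sample capture: little-endian header, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

EMPTY = _pcap([])
SAMPLE = _pcap([_frame("192.0.2.10", "192.0.2.1"), _frame("198.51.100.7", "192.0.2.1"),
                _frame("192.0.2.10", "192.0.2.1")])

if __name__ == "__main__":
    print(count_from_source(EMPTY, "192.0.2.10"), count_from_source(SAMPLE, "192.0.2.10"))
```

For a real capture, pass in `open('/tmp/tr.pcap', 'rb').read()`; a result of `(0, 0)` means the file holds no packets. Running it on captures taken on both sides gives two counts that can be compared.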