
I am trying to troubleshoot one of my linux servers (ubuntu server). Therefore I want to intercept all traffic that is sent to the default gateway and then write it to a file: preferably some kind of pcap format that is readable by tcpdump and/or tshark.

Since I do not know whether the machine is infected by malware, I want to drop the whole traffic after it has been written to the file.

Is this scenario doable?

So far I have only been able to intercept the traffic with tshark (the current default gateway comes from a bash script):

tshark -w traffic.pcap host <current default gateway>

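An added example of the capture-then-drop setup described in the question (this is not code from the original post). It assumes a Linux host with iptables (the NFLOG target) and a libpcap new enough to capture on an `nflog:N` pseudo-interface, and it must run as root; the group number 5, the `LAN_PREFIX` variable and the function names are my own choices. The ordering matters: a plain `iptables -j DROP` in the OUTPUT chain discards the packet before the AF_PACKET tap that tcpdump/tshark use on a normal interface, so "capture on eth0, then drop" records nothing. NFLOG hands a copy of the packet to userspace first, and the next rule drops it. Note also that `-d <gateway>` only matches packets addressed to the gateway IP itself (and iptables never sees ARP); packets *routed through* the gateway carry remote destination addresses, so to catch everything leaving the LAN, set `LAN_PREFIX` to your subnet and the rules match `! -d <LAN>` instead.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux + iptables with
# the NFLOG target, libpcap with nflog: capture support, and root.
set -eu

NFLOG_GROUP=5                      # arbitrary netlink log group (assumption)
PCAP_OUT=${PCAP_OUT:-traffic.pcap} # output file, readable by tcpdump/tshark

# Extract the gateway address from `ip route show default` output.
# Takes the text as an argument so it can be exercised on constructed input.
default_gw_from_route() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Build the iptables match for "traffic sent to the default gateway".
# With only the gateway IP we match packets addressed to the gateway itself;
# with a LAN prefix as second argument we match everything leaving the LAN
# (i.e. everything that is routed via the gateway).
gw_match() {
    gw=$1; lan=${2:-}
    if [ -n "$lan" ]; then
        printf '%s\n' "! -d $lan"
    else
        printf '%s\n' "-d $gw"
    fi
}

# Rule 1 copies the packet to NFLOG group N, rule 2 drops it. Order matters.
install_rules() {
    match=$1
    # shellcheck disable=SC2086  # word-splitting of $match is intended
    iptables -I OUTPUT 1 $match -j NFLOG --nflog-group "$NFLOG_GROUP"
    iptables -I OUTPUT 2 $match -j DROP
}

remove_rules() {
    match=$1
    # shellcheck disable=SC2086
    iptables -D OUTPUT $match -j DROP || true
    iptables -D OUTPUT $match -j NFLOG --nflog-group "$NFLOG_GROUP" || true
}

main() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    gw=$(default_gw_from_route "$(ip route show default)")
    [ -n "$gw" ] || { echo "no default route found" >&2; exit 1; }
    match=$(gw_match "$gw" "${LAN_PREFIX:-}")
    install_rules "$match"
    trap 'remove_rules "$match"' EXIT INT TERM
    # Capture the NFLOG copies (link type NFLOG, not Ethernet) into a pcap.
    # `tshark -i nflog:$NFLOG_GROUP -w "$PCAP_OUT"` works the same way.
    tcpdump -i "nflog:$NFLOG_GROUP" -w "$PCAP_OUT"
}

# Only start capturing when invoked as `./capture-drop.sh run` (as root).
case ${1:-} in run) main ;; esac
```

Run it as `sudo LAN_PREFIX=192.0.2.0/24 ./capture-drop.sh run` (substitute your own subnet) and stop it with Ctrl-C; the trap removes both rules again. Read the result with `tcpdump -r traffic.pcap` or `tshark -r traffic.pcap`. IPv6 traffic is not covered by these rules; the same two rules would be needed in ip6tables.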