Better yet, leave tcpdump ditching all the traffic into a file, then import this file into Wireshark.
Wireshark supports importing multiple packet dump formats, including libpcap and tcpdump.

On Tue, Mar 10, 2009 at 4:16 PM, John R. Hogerhuis <[email protected]> wrote:
> On Tue, Mar 10, 2009 at 3:55 PM, Dante Lanznaster <[email protected]> wrote:
>> Use wireshark on a laptop to sniff what's going on.
>>
>
> I'd second that, especially for quick looks at small traces. But if it
> is going to be a long trace, and there's no X server on the box, leave
> tcpdump running, capturing to a series of files.
>
> We do this in our lab as a "time machine" kind of thing. It's always
> recording. If something funny happens during network communication
> from one of our scripts we can pick up the most recent trace, and see
> what happened.
>
> You can use tcpdump to filter the trace for what you want. Then just
> load what you are interested in into Wireshark.
>
> Nothing beats a proper network trace for understanding what is
> actually happening on the network.
>
> -- John.
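The workflow described in this thread (leave tcpdump recording to a series of files, pick up the most recent trace, filter it, load the result into Wireshark), as an added example that is not from either poster. The directory, interface name, ring size and function names are assumptions.

```shell
#!/bin/sh
# Added example: "always recording" tcpdump ring buffer plus helpers to pull
# out the slice you want to open in Wireshark.
# CAP_DIR, IFACE and all function names are assumptions, not from the thread.
CAP_DIR="${CAP_DIR:-/var/tmp/traces}"
IFACE="${IFACE:-eth0}"

# Record into a ring of 20 files of about 100 MB each (-C is in millions of
# bytes; with -W the oldest file is overwritten once the ring is full).
# -n disables name resolution so the capture adds no DNS traffic. Needs root.
start_recorder() {
    mkdir -p "$CAP_DIR" || return 1
    tcpdump -n -i "$IFACE" -C 100 -W 20 -w "$CAP_DIR/ring.pcap"
}

# Print the most recently modified trace file in a directory.
# Returns non-zero if the directory holds no trace files.
latest_trace() {
    _lt_dir="${1:-$CAP_DIR}"
    _lt_newest=""
    for _lt_f in "$_lt_dir"/*.pcap*; do
        [ -f "$_lt_f" ] || continue
        if [ -z "$_lt_newest" ] || [ "$_lt_f" -nt "$_lt_newest" ]; then
            _lt_newest="$_lt_f"
        fi
    done
    [ -n "$_lt_newest" ] || return 1
    printf '%s\n' "$_lt_newest"
}

# Re-read a saved trace and write only the packets matching a capture filter.
# Usage: extract_slice IN.pcap OUT.pcap 'host 192.0.2.10 and tcp port 80'
extract_slice() {
    _es_in="$1"
    _es_out="$2"
    shift 2
    tcpdump -n -r "$_es_in" -w "$_es_out" "$@"
}

# Typical session (the address is a documentation placeholder):
#   start_recorder &          # on the box under observation, as root
#   extract_slice "$(latest_trace)" /tmp/slice.pcap 'host 192.0.2.10'
#   wireshark /tmp/slice.pcap # on the laptop, after copying the slice over
```

Trace files can contain credentials and other payload data, so keep the capture directory readable only by the account that analyses the traces.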
