Re: [Wireshark-users] Use tcpdump to capture for Wireshark?
On Tue, Oct 24, 2006 at 01:55:22PM -0400, [EMAIL PROTECTED] wrote:
> John,
>
> You might also need/want to add "-s0" to let it capture the entire
> packet including payload. This will let Wireshark do a better job at
> decoding the protocol.
> (By default tcpdump will only grab the first 68 bytes.)

Thanks for all the help! :-)

--
John Oliver http://www.john-oliver.net/

___
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] Use tcpdump to capture for Wireshark?
John,

You might also need/want to add "-s0" to let it capture the entire packet including payload. This will let Wireshark do a better job at decoding the protocol.
(By default tcpdump will only grab the first 68 bytes.)

Jim

----- Original Message -----
From: Guy Harris <[EMAIL PROTECTED]>
Date: Tuesday, October 24, 2006 1:26 pm
Subject: Re: [Wireshark-users] Use tcpdump to capture for Wireshark?
To: Community support list for Wireshark

> John Oliver wrote:
> > I redirected the output of tcpdump to an ASCII text file, but Wireshark
> > doesn't like that. How can I capture traffic with tcpdump in a format
> > that Wireshark will understand?
>
> By using the "-w" flag. (That's also how you capture traffic with
> tcpdump in a format that tcpdump will understand, and that some other
> free and commercial tools will understand. It's libpcap format, the
> same format that Wireshark/TShark uses.)
Re: [Wireshark-users] Use tcpdump to capture for Wireshark?
John Oliver wrote:
> I redirected the output of tcpdump to an ASCII text file, but Wireshark
> doesn't like that. How can I capture traffic with tcpdump in a format
> that Wireshark will understand?

By using the "-w" flag. (That's also how you capture traffic with tcpdump in a format that tcpdump will understand, and that some other free and commercial tools will understand. It's libpcap format, the same format that Wireshark/TShark uses.)
Re: [Wireshark-users] Use tcpdump to capture for Wireshark?
try tcpdump -w filename.cap

On 10/24/06, John Oliver <[EMAIL PROTECTED]> wrote:
> I redirected the output of tcpdump to an ASCII text file, but Wireshark
> doesn't like that. How can I capture traffic with tcpdump in a format
> that Wireshark will understand?

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
[Wireshark-users] Use tcpdump to capture for Wireshark?
I redirected the output of tcpdump to an ASCII text file, but Wireshark doesn't like that. How can I capture traffic with tcpdump in a format that Wireshark will understand?

--
John Oliver http://www.john-oliver.net/