Hi Andy,
Lots of interesting suggestions - one that I have used which works
decently is the bittwist family (works on most platforms including
Windows with pre-built binaries available). Just make sure you heed
Guy's warning - there are many other embedded fields and it's hard to
get them all in
Did you try dumpcap? It's included with Wireshark (the latest version
of Ethereal) and typically is much better at capturing because it
doesn't do any processing - it just dumps everything to a file. I've
used it in many situations where Wireshark/tshark would drop packets
(1Gbps+) because of