You should do tcpdump -w tcpdump.txt to grab the TCP traffic and dump the raw data. Now to read it you can do tcpdump -r tcpdump.txt to read it (the -r is the only way to read this file).

Now when you do a tcpdump with a -w you can later on go and modify the output on the file with other options for tcpdump: -N, -X, or you can even output this file to Ethereal for viewing the traffic.

Rob

----- Original Message -----
From: "Frederic Baert Cen-IT" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, July 09, 2002 8:53 AM
Subject: RE: How to use tcpdump

And what about piping that to file for viewing at your leisure

| filename

fred

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: 09 July 2002 07:56
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: How to use tcpdump

Hi Daniel,

try this:

# tcpdump -i eth1 host 192.168.0.33

Use the following:

host    Specifies an IP address
port    Specifies a port number

There should be a help function.

PS: Are you using a Nokia IP530 device?

Daniel Nyström <exce@netwinder.nu>
To: [EMAIL PROTECTED]
cc:
Subject: How to use tcpdump
08/07/2002 10:21
Please respond to exce

Hello..

when I start tcpdump by just issuing

bash# tcpdump

or

bash# tcpdump -i eth1

the packets roll by too fast.. or to specify.. it logs all packets but I'm only interested in a few of them. How do I limit the output so that only.. let's say.. UDP packets coming from 192.168.0.33 are shown?

Or, let's say I want to see the package that BitchX sends bitchx.com at the first startup..?

Thanks in advance,
Daniel

--
/***********************************
 * Daniel Nyström, Telhack 026 Inc. *
 ***********************************/
http://www.SweSec.tk
http://www.telhack.tk
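The thread mentions a raw file written with -w and asks how to see only UDP packets coming from 192.168.0.33. As an added example that is not part of the original messages, this sketch builds a capture in the classic pcap layout that tcpdump -w writes by default, then selects the same packets as the filter expression `udp and src host 192.168.0.33`. The function names are hypothetical, the frames are constructed sample data, and only Ethernet/IPv4 captures are handled.

```python
import socket
import struct

def build_frame(src, dst, proto, sport, dport):
    """Constructed Ethernet/IPv4 frame; 8-byte transport stub, checksums left zero."""
    l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip + l4

def write_pcap(frames):
    """Global header (24 bytes), then a 16-byte record header before each frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1026200000 + i, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield raw frames from a classic pcap byte string of either byte order."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None or struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("expected a classic pcap capture with Ethernet link type")
    off = 24
    while off + 16 <= len(data):
        caplen = struct.unpack_from(endian + "I", data, off + 8)[0]
        yield data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def udp_from(data, host):
    """Same selection as the filter expression 'udp and src host <host>'."""
    hits = []
    for frame in read_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                          # truncated or not IPv4
        l4 = 14 + (frame[14] & 0x0F) * 4      # honour the IP header length field
        if frame[23] != 17 or socket.inet_ntoa(frame[26:30]) != host or len(frame) < l4 + 4:
            continue                          # not UDP, wrong source, or cut short
        sport, dport = struct.unpack_from("!HH", frame, l4)
        hits.append((host, sport, socket.inet_ntoa(frame[30:34]), dport))
    return hits

# Constructed sample capture: only the first frame is UDP sent by 192.168.0.33.
SAMPLE = write_pcap([
    build_frame("192.168.0.33", "192.168.0.1", 17, 1025, 53),
    build_frame("192.168.0.33", "192.168.0.1", 6, 1026, 80),
    build_frame("192.168.0.44", "192.168.0.1", 17, 1027, 53),
    build_frame("192.168.0.1", "192.168.0.33", 17, 53, 1025),
])
```

Calling `udp_from(SAMPLE, "192.168.0.33")` returns the single matching flow; the TCP frame, the UDP frame from another host, and the UDP reply towards 192.168.0.33 are all skipped.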