
D.3. tcpdump: Capturing with tcpdump for viewing with Wireshark
There are occasions when you want to capture packets using tcpdump rather than Wireshark, especially when you want to do a remote capture and do not want the network load associated with running Wireshark remotely (not to mention all the X traffic polluting your capture).
However, the default tcpdump parameters can result in a capture file where each packet is truncated: older versions of tcpdump (and the builds shipped with some operating systems) only capture the first 68 or 96 bytes of each packet, which is enough for the headers but not for the payload. tcpdump 4.0 and later capture whole packets by default, but you rarely know in advance which version a remote host runs, so set the snapshot length explicitly.
To ensure that you capture complete packets, use the following command:
tcpdump -i <interface> -s 65535 -w <some-file>
Note that -s 1500, a value often seen in older instructions, is not enough. 1500 is the Ethernet payload MTU, not the frame size: a full-size frame including its 14-byte Ethernet header is 1514 bytes, so -s 1500 still clips the end of every full-size packet, and it loses even more from VLAN-tagged frames, jumbo frames, and the oversized frames a capturing host sees when its NIC does receive offload (LRO/GRO). With -s 65535 (or -s 0, which recent versions treat as "no limit") nothing is cut off.
You will have to specify the correct interface and the name of a file to save into. In addition, you will have to terminate the capture with Ctrl+C when you believe you have captured enough packets, or pass -c <count> to stop automatically after a fixed number of packets. The resulting file is in pcap format, which Wireshark opens directly.
tcpdump is not part of the Wireshark distribution; it is available separately for various platforms.
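The procedure above as an added example (this is not code from the Wireshark guide or from the tcpdump project): a POSIX shell script that prints the capture command for a caller-supplied interface, output file and optional capture filter, and a checker that reads the snapshot length out of a pcap file's global header so a capture made with the old 68-byte default, or with -s 1500, is recognised as truncated before anyone spends time on it in Wireshark. The header written by make_pcap_header is a constructed fixture so the checker can be exercised offline; the interface name, file paths and filter used in the usage notes are assumptions.

```shell
#!/bin/sh
# Added example; not code from the Wireshark guide or the tcpdump project.
# Helpers for the procedure above: print a tcpdump command that records whole
# packets, and read the snapshot length stored in a finished pcap file so a
# truncated capture is caught before it is opened in Wireshark.

# Print (do not run) the capture command. Interface, output file and the
# optional capture filter are assumptions supplied by the caller.
#   -s 65535  whole packets; the old default snaplen was 68 bytes
#   -n        no name resolution, so the capture host sends no DNS queries
#   -U        flush each packet to the file as it is written
#   -w        pcap output, which Wireshark opens directly
capture_cmd() {
    iface=$1; outfile=$2; filter=${3:-}
    printf 'tcpdump -i %s -n -U -s 65535 -w %s%s\n' "$iface" "$outfile" "${filter:+ $filter}"
}

# Print the snaplen from the 24-byte classic pcap global header (offset 16,
# in the file's own byte order). Returns 2 for anything that is not classic
# pcap, e.g. pcapng, whose first block type is 0x0a0d0d0a.
pcap_snaplen() {
    file=$1
    magic=$(od -An -tx1 -N4 "$file" | tr -d ' \n')
    case $magic in
        d4c3b2a1|4d3cb2a1) swap=1 ;;   # little-endian (usec or nsec timestamps)
        a1b2c3d4|a1b23c4d) swap=0 ;;   # big-endian
        *) return 2 ;;
    esac
    hex=$(od -An -tx1 -j16 -N4 "$file" | tr -d ' \n')
    if [ "$swap" = 1 ]; then
        # reverse the byte pairs so the string reads most-significant byte first
        rev=""
        while [ -n "$hex" ]; do
            rest=${hex#??}
            rev=${hex%"$rest"}$rev
            hex=$rest
        done
        hex=$rev
    fi
    echo $((0x$hex))
}

# Succeed only if the stored snaplen is at least $2 (default 65535). tcpdump
# 4.x writes 262144; a full-size untagged Ethernet frame is 1514 bytes, so a
# file written with -s 1500 fails even the loosest sensible threshold.
pcap_snaplen_ok() {
    min=${2:-65535}
    snap=$(pcap_snaplen "$1") || return 2
    [ "$snap" -ge "$min" ]
}

# Constructed test fixture: write a little-endian pcap global header (version
# 2.4, link type 1 = Ethernet, no packet records) with the given snaplen.
le32() {
    printf "$(printf '\\%03o\\%03o\\%03o\\%03o' \
        $(($1 & 255)) $((($1 >> 8) & 255)) $((($1 >> 16) & 255)) $((($1 >> 24) & 255)))"
}
make_pcap_header() {
    {
        printf '\324\303\262\241'     # magic 0xa1b2c3d4 stored little-endian
        printf '\002\000\004\000'     # version 2.4
        le32 0; le32 0                # thiszone, sigfigs
        le32 "$1"                     # snaplen
        le32 1                        # LINKTYPE_ETHERNET
    } > "$2"
}
```

Saved as a script and sourced, `capture_cmd eth0 /tmp/cap.pcap 'not port 22'` prints the command so it can be reviewed (and the filter keeps your own ssh session out of the file) before it is run with eval or pasted into the remote shell; afterwards `pcap_snaplen_ok /tmp/cap.pcap` confirms the file was not written with a short snaplen, and returns 2 for a pcapng file, which carries no single snaplen field and is not what tcpdump -w produces.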


This page contains a single entry by 谷多 published on April 10, 2009 10:34 AM.

关于网页gzip was the previous entry in this blog.

让windows批处理脚本在后台运行 is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.