偶尔从同事那里学到的,原来可以这样:
http://www.wireshark.org/docs/wsug_html_chunked/AppToolstcpdump.html
D.3. tcpdump: Capturing with tcpdump for viewing with Wireshark
Prev Appendix D. Related command line tools
D.3. tcpdump: Capturing with tcpdump for viewing with Wireshark
There are occasions when you want to capture packets using tcpdump rather than wireshark, especially when you want to do a remote capture and do not want the network load associated with running Wireshark remotely (not to mention all the X traffic polluting your capture).
However, the default tcpdump parameters result in a capture file where each packet is truncated, because tcpdump, by default, only captures the first 68 bytes of each packet.
To ensure that you capture complete packets, use the following command:
tcpdump -i <interface> -s 1500 -w <some-file>
You will have to specify the correct interface and the name of a file to save into. In addition, you will have to terminate the capture with ^C when you believe you have captured enough packets.
Note!
tcpdump is not part of the Wireshark distribution. You can get it from: http://www.tcpdump.org for various platforms.
--EOF--
Leave a comment