Wireshark-users: Re: [Wireshark-users] Use tcpdump to capture for Wireshark?
Date: Tue, 24 Oct 2006 13:55:22 -0400
John,

You might also need/want to add "-s0" to let it capture the entire
packet including payload. This will let Wireshark do a better job at
decoding the protocol.
(By default tcpdump will only grab the first 68 bytes.)

Jim

----- Original Message -----
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tuesday, October 24, 2006 1:26 pm
Subject: Re: [Wireshark-users] Use tcpdump to capture for Wireshark?
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>

> John Oliver wrote:
> > I redirected the output of tcpdump to an ASCII text file, but Wireshark
> > doesn't like that.  How can I capture traffic with tcpdump in a format
> > that Wireshark will understand?
> 
> By using the "-w" flag.  (That's also how you capture traffic with
> tcpdump in a format that tcpdump will understand, and that some other
> free and commercial tools will understand.  It's libpcap format, the
> same format that Wireshark/TShark uses.)
>
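
An added example, not part of the original thread: a Python check that a file really is libpcap (written with "-w" rather than redirected text) and that reports how many packets were cut short by the snapshot length that "-s" controls. The function names `inspect_pcap` and `build_sample` are hypothetical, the sample capture is constructed in memory, and only the classic libpcap layout is handled, not pcapng.

```python
import io
import struct

MAGICS = {0xA1B2C3D4, 0xA1B23C4D}  # microsecond / nanosecond timestamp variants

def inspect_pcap(stream):
    """Return (snaplen, total_packets, truncated_packets) for a libpcap stream."""
    header = stream.read(24)
    if len(header) < 24:
        raise ValueError("too short for a libpcap file header")
    for endian in ("<", ">"):  # the writer's byte order is revealed by the magic
        if struct.unpack(endian + "I", header[:4])[0] in MAGICS:
            break
    else:
        raise ValueError("not libpcap (text output saved without -w?)")
    # Remaining fields: version major/minor, thiszone, sigfigs, snaplen, link type
    _, _, _, _, snaplen, _ = struct.unpack(endian + "HHiIII", header[4:])
    total = truncated = 0
    while True:
        rec = stream.read(16)  # ts_sec, ts_frac, captured length, on-wire length
        if len(rec) < 16:
            break
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        if len(stream.read(incl_len)) < incl_len:
            break  # file ends in the middle of a record
        total += 1
        if incl_len < orig_len:  # payload was dropped at capture time
            truncated += 1
    return snaplen, total, truncated

def build_sample(snaplen, wire_lengths):
    """Constructed sample: a little-endian Ethernet pcap with zero-filled frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for n, wire_len in enumerate(wire_lengths):
        kept = min(wire_len, snaplen)
        out += struct.pack("<IIII", n, 0, kept, wire_len) + bytes(kept)
    return out

if __name__ == "__main__":
    frames = [60, 1514, 1514]  # constructed on-wire frame sizes
    for snaplen in (68, 65535):
        result = inspect_pcap(io.BytesIO(build_sample(snaplen, frames)))
        print("snaplen=%d packets=%d truncated=%d" % result)
    try:
        inspect_pcap(io.BytesIO(b"13:55:22.000000 IP 10.0.0.1.1234 > 10.0.0.2.80: S"))
    except ValueError as exc:
        print("rejected:", exc)
```

A non-zero truncated count means Wireshark can dissect only as far as the captured bytes reach, so the capture has to be repeated with a larger snapshot length to recover the payload.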