D.3. tcpdump: Capturing with tcpdump for viewing with Wireshark

There are occasions when you want to capture packets using tcpdump rather than Wireshark, especially when you want to do a remote capture and do not want the network load associated with running Wireshark remotely (not to mention all the X traffic polluting your capture).

However, the default tcpdump parameters result in a capture file where each packet is truncated, because tcpdump, by default, only captures the first 68 bytes of each packet.

To ensure that you capture complete packets, use the following command:

tcpdump -i <interface> -s 1500 -w <some-file>

You will have to specify the correct interface and the name of a file to save into. In addition, you will have to terminate the capture with ^C when you believe you have captured enough packets.

Note: tcpdump is not part of the Wireshark distribution. You can get it from https://www.tcpdump.org for various platforms.


 
 
Published under the terms of the GNU General Public License.