Parameters for tcpdump
July 21, 2010
I recently needed to run tcpdump and these are my notes on getting it to work correctly.
Parameters:
- -s 0 (capture the complete packet)
- -n (don't convert numeric IP addresses and ports to names)
- -w filename.pcap (save to file)
- port nnnn (capture anything going to or from port nnnn)
Use Control-C to stop the capture (it closes the file gracefully).
Use Wireshark to open the .pcap file.
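To confirm that a capture was not cut short by the snapshot length (the reason for -s 0), the following added example, which is not part of the original notes, reads a file written by -w and counts packets whose captured length is shorter than their length on the wire. It assumes the classic pcap file format; the function names and the sample bytes are constructed for illustration.

```python
import io
import struct

# First four bytes of a classic pcap file -> byte order of the rest of the file.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def check_capture(stream):
    """Return (snaplen, packet_count, truncated_count) for a classic pcap stream."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    endian = MAGICS[header[:4]]
    # Global header after the magic: version, timezone, sigfigs, snaplen, link type.
    _major, _minor, _zone, _sigfigs, snaplen, _linktype = struct.unpack(
        endian + "HHiIII", header[4:])
    packets = truncated = 0
    while True:
        record = stream.read(16)
        if not record:
            break
        if len(record) < 16:
            raise ValueError("file ends inside a record header")
        # Record header: timestamp (two fields), captured length, on-the-wire length.
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", record)
        if len(stream.read(incl_len)) < incl_len:
            raise ValueError("file ends inside packet data")
        packets += 1
        if incl_len < orig_len:  # packet was cut at the snapshot length
            truncated += 1
    return snaplen, packets, truncated

def build_sample(snaplen, packets):
    """Constructed sample capture; packets is a list of (captured_bytes, wire_length)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for data, wire_len in packets:
        out += struct.pack("<IIII", 0, 0, len(data), wire_len) + data
    return io.BytesIO(out)

if __name__ == "__main__":
    # Constructed data: a 60-byte packet kept whole and a 1514-byte packet cut to 96.
    sample = build_sample(96, [(b"\x00" * 60, 60), (b"\x00" * 96, 1514)])
    print("snaplen=%d packets=%d truncated=%d" % check_capture(sample))
```

For a real capture, pass `open("filename.pcap", "rb")` to `check_capture`; a nonzero truncated count means payloads are missing from the file.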