tcpdump mailing list archives

Re: the bug of use for 'more' for the file created with tcpdump


From: Guy Harris <guy () alum mit edu>
Date: Thu, 4 Aug 2011 13:59:00 -0700


On Aug 4, 2011, at 2:11 AM, . 嫒〆j々 wrote:

   First I use tcpdump to write the information to a file, like this: 'tcpdump host 192.168.1.198 -w a.txt'.

"a.txt" is a bad name for the file, because it's *not* a text file!

   After about three seconds, I press "CTRL+C".
   Second, I use "more" to view the information about a.txt. But after I press "CTRL+C", the word in the command window is like " [������├@┌������┌������├ ·]#   ".

Yes, it's a binary file, so you're not going to get anything very readable if you use "more" on it.  The bug is that 
you're using the wrong command to read the file, not that there's something wrong with tcpdump or more.  The file 
format was designed to be quickly writable and readable by programs, not easily readable by humans.

There are many programs that can read those files.  One of them is named "tcpdump". :-)

        tcpdump -r a.txt

I'd call it "a.pcap" in the future; ".pcap" is the closest thing to a standard suffix for those files.
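
Added example (not part of the message above and not tcpdump's own code): a short Python check that identifies a capture file by its leading magic number rather than by its name, and measures how much of the header is non-printable, which is why "more" leaves the terminal garbled. The function names and the sample header are constructed for illustration.

```python
import struct
import sys

# First four bytes of a classic pcap savefile as they appear on disk,
# mapped to (struct byte order, timestamp resolution).
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type


def identify_capture(data):
    """Describe the first bytes of a file; return None if it is not a capture."""
    if data[:4] == PCAPNG_MAGIC:
        return {"format": "pcapng"}
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        return None
    order, resolution = PCAP_MAGICS[data[:4]]
    major, minor, _thiszone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    return {"format": "pcap", "version": f"{major}.{minor}",
            "timestamps": resolution, "snaplen": snaplen, "linktype": linktype}


def non_printable_ratio(data):
    """Fraction of bytes that are not printable ASCII or common whitespace."""
    if not data:
        return 0.0
    printable = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
    return sum(b not in printable for b in data) / len(data)


# Constructed sample: the 24-byte file header for a little-endian capture
# (version 2.4, snaplen 65535, link type 1 = Ethernet). Not real traffic.
SAMPLE_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            head = fh.read(24)
    else:
        head = SAMPLE_HEADER
    print(identify_capture(head))
    print(f"non-printable bytes in header: {non_printable_ratio(head):.0%}")
```

Run with a file name as the only argument to inspect a real capture; with no argument it uses the constructed header.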

