Wireshark mailing list archives
Re: file format question
From: Stephen Fisher <steve () stephen-fisher com>
Date: Mon, 22 Aug 2011 14:50:01 -0600
On Mon, Aug 22, 2011 at 01:28:48PM -0700, Guy Harris wrote:
> With the "-w" flag, to get it to write out the raw packet data in pcap format, rather than writing out the dissected packets as text:
>
>     tcpdump -c1000 -w /tmp/tcpdump.pcap net xxx.yy.zz.0/24
... and using "-s 0" to change the snaplen in order to capture the entire packets is usually desirable. Otherwise, you'll only get the first 68 bytes of every packet.