Re: tcpdump?

To: debian-user@lists.debian.org
Subject: Re: tcpdump?
From: Tzafrir Cohen <tzafrir@cohens.org.il>
Date: Sun, 21 Feb 2010 18:11:31 +0000
Message-id: <[🔎] 20100221181130.GW16560@pear.tzafrir.org.il>
In-reply-to: <[🔎] SNT125-W267EB285B827ED99DFE17CDB450@phx.gbl>
References: <[🔎] SNT125-W267EB285B827ED99DFE17CDB450@phx.gbl>

On Sat, Feb 20, 2010 at 06:05:50AM +0000, Hadi Motamedi wrote:
> 
> Dear All
> I have put tcpdump trace on port 4957 on my Debian server , as the following :
> #tcpdump port 4957
> I want to obtain the payload data to see what is realy being exchanged between my Debian server and the outside network element . Can you please let me know how I can modify my command ?


tcpdump -s0 -w output.pcap port 4957


Consider also adding -n if name resolution takes extra time.

This will send output to output.pcap .

Later on run:

  wireshark output.pcap

and analyze the flows there.

Naturally you can use other programs.

-- 
Tzafrir Cohen         | tzafrir@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzafrir@cohens.org.il |                    |  best
ICQ# 16849754         |                    | friend

Reply to:

Follow-Ups:
- RE: tcpdump?
  - From: Hadi Motamedi <motamedi24@hotmail.com>

References:
- tcpdump?
  - From: Hadi Motamedi <motamedi24@hotmail.com>

Prev by Date: xawtv: XF86DGANoDirectVideoMode error
Next by Date: Re: tcpdump?
Previous by thread: RE: tcpdump?
Next by thread: RE: tcpdump?
Index(es):
- Date
- Thread