> Date: Sun, 21 Feb 2010 18:11:31 +0000
> From: tzafrir@cohens.org.il
> To: debian-user@lists.debian.org
> Subject: Re: tcpdump?
>
> On Sat, Feb 20, 2010 at 06:05:50AM +0000, Hadi Motamedi wrote:
> >
> > Dear All
> > I have put tcpdump trace on port 4957 on my Debian server, as the following:
> > #tcpdump port 4957
> > I want to obtain the payload data to see what is really being exchanged between my Debian server and the outside network element. Can you please let me know how I can modify my command?
>
>   tcpdump -s0 -w output.pcap port 4957
>
> Consider also adding -n if name resolution takes extra time.
>
> This will send output to output.pcap.
>
> Later on run:
>
>   wireshark output.pcap
>
> and analyze the flows there.
>
> Naturally you can use other programs.
>
> --
> Tzafrir Cohen         | tzafrir@jabber.org | VIM is
> http://tzafrir.org.il |                    | a Mutt's
> tzafrir@cohens.org.il |                    |  best
> ICQ# 16849754         |                    | friend

Thank you for your reply. I tried according to your comment, but still the intended exchanged command cannot be captured in the Wireshark analysis.
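The `-s0` in the suggested command is there so that packets are stored whole instead of being cut at the snapshot length. The following is an added example, not part of the original thread: it reads a classic pcap file such as `output.pcap`, pulls the TCP payload for a port and flags records that were truncated. The sample capture, its payload text, the addresses and the 68-byte snapshot length are constructed for illustration.

```python
import struct

def tcp_payloads(pcap, port):
    """Return (snaplen, [(truncated, payload), ...]) for TCP/IPv4 on `port`."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    snaplen, linktype = struct.unpack(end + "II", pcap[16:24])
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    found, off = [], 24
    while off + 16 <= len(pcap):
        # Record header: ts_sec, ts_usec, captured length, length on the wire.
        incl_len, orig_len = struct.unpack(end + "II", pcap[off + 8:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not Ethernet II / IPv4 / TCP
        tcp = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp + 20:
            continue  # cut off before the TCP header ended
        sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
        if port not in (sport, dport):
            continue
        data = tcp + (frame[tcp + 12] >> 4) * 4
        ip_end = 14 + struct.unpack("!H", frame[16:18])[0]
        # A truncated record holds fewer bytes than the packet had on the wire.
        found.append((incl_len < orig_len, frame[data:ip_end]))
    return snaplen, found

def build_frame(sport, dport, data):
    # Constructed Ethernet/IPv4/TCP frame; checksums left at zero.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(data), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + data

def sample_pcap(snaplen):
    # Constructed capture: one packet on port 4957 and one on port 80.
    frames = [build_frame(40000, 4957, b"LOGIN user=test command=STATUS\r\n"),
              build_frame(40001, 80, b"x")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, min(len(f), snaplen), len(f)) + f[:snaplen]
    return out

if __name__ == "__main__":
    for snap in (68, 65535):
        print(snap, tcp_payloads(sample_pcap(snap), 4957)[1])
```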