[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: netstat ?

>>
>> tcpdump host 172.16.4.1 -XX
>>
>> if you want to save the data in a file for later analysis
>>
>> tcpdump host 172.16.4.1 -XX >> somefile
>>
>> ******
>>
>> if you want to know why you are doing this
>>
>> man tcpdump
>>
>> Regards, Tim.
>>
>>
>>
>
> Thank you for your reply . Sorry , Is this equal to the following ?
>
> #tcpdump dst 172.16.4.1
>
> But the payload data is not human readable , even if adding '-XX'
> switch . Can you please let me know if I need to use another
> appropriate switch or it comes from the fact that the protocol is
> some proprietary one ?
x

    tcpdump dst 172.16.4.1

Will give you a summary of packets that are going to (dst) 172.16.4.1

If you want the payload you need the -XX switch, also, tcpdump
defaults to only capture 96 bytes, if you want the full payload do

    tcpdump dst 172.16.4.1 -XX -s 0

This will give you hex and ascii representations of all data being
sent to 172.16.4.1. However, the data may not be human readable. For
example, if the data is actually a mp3 file, then converting the
packet to ascii wont mean it makes any sense as ascii, but if the
data is a text file, then converting the packet to ascii probably
will make it readable.

HTH, Tim.
Reply to: