> Date: Wed, 24 Feb 2010 18:44:12 +1100
> Subject: RE: netstat ?
> From: tim@clewlow.org
> To: debian-user@lists.debian.org
>
> >>
> >> tcpdump host 172.16.4.1 -XX
> >>
> >> if you want to save the data in a file for later analysis
> >>
> >> tcpdump host 172.16.4.1 -XX >> somefile
> >>
> >> ******
> >>
> >> if you want to know why you are doing this
> >>
> >> man tcpdump
> >>
> >> Regards, Tim.
> >>
> >
> > Thank you for your reply. Sorry, is this equal to the following?
> >
> > #tcpdump dst 172.16.4.1
> >
> > But the payload data is not human readable, even if adding the '-XX'
> > switch. Can you please let me know if I need to use another
> > appropriate switch, or does it come from the fact that the protocol is
> > some proprietary one?
>
> tcpdump dst 172.16.4.1
>
> Will give you a summary of packets that are going to (dst) 172.16.4.1
>
> If you want the payload you need the -XX switch, also, tcpdump
> defaults to only capture 96 bytes, if you want the full payload do
>
> tcpdump dst 172.16.4.1 -XX -s 0
>
> This will give you hex and ascii representations of all data being
> sent to 172.16.4.1. However, the data may not be human readable. For
> example, if the data is actually an mp3 file, then converting the
> packet to ascii won't mean it makes any sense as ascii, but if the
> data is a text file, then converting the packet to ascii probably
> will make it readable.
>
> HTH, Tim.

Thank you for your reply. I tried the following to capture the payload data from some text file exchanged in between:

#tcpdump -s 0 -XX src 172.16.4.1

But I cannot see any human readable text being captured. Can you please correct me on what I am doing wrong here?
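Added example, not part of the thread: a Python sketch of what the -XX and -s switches discussed above do to one captured frame. It shows that the first 54 bytes of a dump are Ethernet, IP and TCP headers, that the 96-byte snap length quoted in the thread leaves 42 bytes of payload, and which filter direction a frame matches. The frame, the peer address 10.0.0.2, the ports and the sample text are constructed for illustration.

```python
import struct

# Constructed sample payload: five short lines of a text file (120 bytes).
TEXT = b"".join(b"line %d of the text file\n" % i for i in range(1, 6))

def build_frame(src, dst, payload):
    """Constructed Ethernet + IPv4 + TCP frame (checksums left at zero)."""
    eth = bytes(12) + b"\x08\x00"                      # zero MACs, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", 40000, 9000, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + tcp + payload

def capture(frame, snaplen=96):
    """Keep at most snaplen bytes of the frame; 0 keeps all of it, as -s 0 does."""
    return frame if snaplen == 0 else frame[:snaplen]

def direction(captured, host):
    """Return 'src' or 'dst' if host is that end of the IPv4 packet, else None."""
    addr = bytes(map(int, host.split(".")))
    if captured[26:30] == addr:
        return "src"
    return "dst" if captured[30:34] == addr else None

def tcp_payload(captured):
    """Skip the Ethernet, IPv4 and TCP headers; return the payload bytes captured."""
    if len(captured) < 34 or captured[12:14] != b"\x08\x00" or captured[23] != 6:
        return b""                                     # not IPv4/TCP or too short
    tcp_off = 14 + (captured[14] & 0x0F) * 4           # IP header length field
    if len(captured) < tcp_off + 20:
        return b""
    return captured[tcp_off + (captured[tcp_off + 12] >> 4) * 4:]

def hexdump(data):
    """Hex and ASCII columns in the style of -XX; non-printable bytes show as '.'."""
    rows = []
    for i in range(0, len(data), 16):
        chunk = data[i:i + 16]
        hexpart = " ".join(chunk[j:j + 2].hex() for j in range(0, len(chunk), 2))
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"0x{i:04x}:  {hexpart:<39}  {text}")
    return "\n".join(rows)

if __name__ == "__main__":
    frame = build_frame("172.16.4.1", "10.0.0.2", TEXT)
    print(direction(frame, "172.16.4.1"))              # which filter matches
    print(hexdump(capture(frame)))                     # headers first, then text
    print(len(tcp_payload(capture(frame))), len(tcp_payload(capture(frame, 0))))
```

A frame sent by 172.16.4.1 matches a src filter and not a dst filter, so a text file travelling in only one direction is visible under only one of the two.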