Ethereal-users: Re: [Ethereal-users] New to capturing, ? about http authorizations

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Fri, 10 Dec 2004 11:31:44 -0800
Mike Partyka wrote:
Could I make tcpdump capture the necessary detail by using the snaplen
option, like:

tcpdump -s 0 -w tcp_cap 'dst host 192.168.10.1 && tcp port 80'

Or is it necessary to use the verbose switches like -v -vv or -vvv, like

tcpdump -vvv -s 0 tcp_cap 'dst host 192.168.10.1 && tcp port 80'

I know this isn't an Ethereal question directly but since tcpdump is on
almost every box it's handy for performing the capture and then analyzing the
capture in Ethereal.

If you want to perform the capture and then analyze the capture in Ethereal, you should use the snaplen option (note that older versions of tcpdump don't support "-s 0" as meaning "-s 65535"), and you should use the "-w" flag so that the file is written in libpcap format. If you use the "-w" flag, the "-v" flag has no effect - "-v" only affects the format of dissected text output from tcpdump, and if you capture with "-w" it writes raw packet data, not dissected text output.
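The following is an added example, not part of the original post: a check that a file written with "-w" really is in libpcap format and whether the snaplen used cut any packets short. The function names and the sample capture (zero-filled packets, snaplen values 68 and 65535) are constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap file, microsecond timestamps


def inspect_pcap(data):
    """Return (snaplen, total_packets, truncated_packets) for a libpcap file."""
    if len(data) < 24:
        raise ValueError("too short for a libpcap global header")
    # The magic number reveals the byte order of the capturing host.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic libpcap file (text output or other format)")
    # Global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    _, _, _, _, _, snaplen, _ = struct.unpack(endian + "IHHiIII", data[:24])
    offset, total, truncated = 24, 0, 0
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, caplen (bytes saved), len (bytes on the wire)
        _, _, caplen, wire_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        total += 1
        if caplen < wire_len:
            truncated += 1  # payload beyond caplen was never written to the file
        offset += 16 + caplen
    return snaplen, total, truncated


def build_sample(snaplen, wire_lengths):
    """Constructed sample: little-endian pcap with zero-filled packet bodies."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)
    for n in wire_lengths:
        caplen = min(n, snaplen)
        out += struct.pack("<IIII", 0, 0, caplen, n) + bytes(caplen)
    return out


if __name__ == "__main__":
    # Same three constructed packets, captured with a small and a full snaplen.
    for snaplen in (68, 65535):
        print(inspect_pcap(build_sample(snaplen, [60, 540, 1514])))
```

A non-zero truncated count means HTTP headers past the snaplen are missing from the file and cannot be recovered during later analysis.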