Posted on 2010-07-21
I recently needed to run tcpdump and these are my notes on getting it to work correctly.
-s 0 (capture the complete packet)
-n (don't convert numeric IP addresses and ports to names)
-w filename.pcap (save to file)
port nnnn (capture anything going to or from port nnnn)
Use Control-C to stop the capture (it closes the file gracefully).
Use Wireshark to open the
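An added example, not part of the original notes: a Python check for a file written with -w. It reports the snapshot length recorded in the file, how many packets were saved shorter than they were on the wire (what -s 0 is meant to avoid), and whether the file ends on a record boundary. It assumes the classic pcap file format rather than pcapng; `check_capture` and `build_sample` are names made up for this example, and the sample bytes are constructed.

```python
import struct
import sys

# Magic number (as stored on disk) -> struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def check_capture(data):
    """Summarise classic pcap bytes: snaplen, packet count, truncated packets, clean end."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    endian = PCAP_MAGICS[data[:4]]
    # Global header after the magic: version major/minor, thiszone, sigfigs, snaplen, linktype.
    _, _, _, _, snaplen, _ = struct.unpack(endian + "HHiIII", data[4:24])
    offset, packets, truncated = 24, 0, 0
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_frac, bytes saved (incl_len), bytes on the wire (orig_len).
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            break  # the file stops in the middle of a record
        packets += 1
        if incl_len < orig_len:
            truncated += 1  # packet was cut at the snapshot length
        offset += 16 + incl_len
    return {"snaplen": snaplen, "packets": packets,
            "truncated": truncated, "clean_end": offset == len(data)}

def build_sample(snaplen, records):
    """Build constructed pcap bytes from (orig_len, incl_len) pairs; payloads are zero bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for orig_len, incl_len in records:
        out += struct.pack("<IIII", 0, 0, incl_len, orig_len) + bytes(incl_len)
    return out

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:   # e.g. filename.pcap
            print(check_capture(fh.read()))
    else:
        # Constructed sample: one 60-byte packet kept whole, one 1514-byte packet cut to 68.
        print(check_capture(build_sample(68, [(60, 60), (1514, 68)])))
```

A non-zero "truncated" count means the capture was taken with a snapshot length shorter than some packets; "clean_end" false means the file was cut off mid-record.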
Tags: tcpdump WireShark TCP