Posted on 2010-07-21
I recently needed to run tcpdump and these are my notes on getting it to work correctly.
Parameters:
-s 0 (capture the complete packet)
-n (don't try to convert numeric ip/port)
-w filename.pcap (save to file)
port nnnn (capture anything going to or from port nnnn)

Use Control-C to stop the capture (it closes the file gracefully).
Use Wireshark to open the .pcap file.
Tags: tcpdump WireShark TCP