tcpdump: Capturing with tcpdump for viewing with Wireshark
There are occasions when you want to capture packets using tcpdump
rather than Wireshark, especially when you want to do a remote capture
and do not want the network load associated with running Wireshark
remotely (not to mention all the X traffic polluting your capture).
However, on older versions of tcpdump the default parameters result in a
capture file where each packet is truncated, because tcpdump, by default,
only captured the first 68 bytes of each packet (the "snaplen").
tcpdump 4.0 and later default to a much larger snaplen (65535 bytes,
raised to 262144 in recent releases), so the problem mainly affects old
binaries; check with tcpdump --version. Wireshark will still open a
truncated file, but it marks the affected frames with "[Packet size
limited during capture]" and cannot dissect the bytes that were never
captured.
To ensure that you capture complete packets, set the snaplen explicitly:
tcpdump -i <interface> -s 65535 -w <some-file>
A value of 1500 (the Ethernet MTU) is not enough: a full-size Ethernet
frame is 1514 bytes including the header, 1518 with a VLAN tag, and
jumbo frames, loopback and other link types can be larger still.
65535 (or -s 0, which on current tcpdump means the maximum) avoids
guessing.
You will have to specify the correct interface and the name of a file
to save into. In addition, you will have to terminate the capture with
^C when you believe you have captured enough packets, or pass
-c <count> to stop automatically after that many packets. Capturing
normally requires root (or the CAP_NET_RAW and CAP_NET_ADMIN
capabilities on Linux), and the resulting file contains full payloads,
so treat it as sensitive when copying it back for analysis.
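Before copying a remote capture back, it is worth checking that it was not truncated, since Wireshark opens a truncated file without complaint and only flags the cut-short frames one by one. The following script is an added example, not part of the Wireshark documentation or of tcpdump: it parses the classic libpcap file format that tcpdump -w writes, reads the snaplen from the global header and counts packets whose captured length is below their on-the-wire length. The function names build_pcap and analyze_pcap are this example's own, and the sample capture it assembles in memory (three Ethernet frames written with the old default snaplen of 68) is constructed for the example.

```python
import struct
import sys

# Map of the pcap magic number, as read in little-endian order, to the
# byte order of the file and its timestamp resolution. tcpdump -w writes
# the microsecond form; the nanosecond variants are a newer libpcap extension.
PCAP_MAGICS = {
    0xA1B2C3D4: ("<", "microseconds"),
    0xD4C3B2A1: (">", "microseconds"),
    0xA1B23C4D: ("<", "nanoseconds"),
    0x4D3CB2A1: (">", "nanoseconds"),
}
PCAPNG_MAGIC = 0x0A0D0D0A   # pcapng Section Header Block; Wireshark's default save format
GLOBAL_HEADER = "IHHiIII"   # magic, major, minor, thiszone, sigfigs, snaplen, linktype (24 bytes)
RECORD_HEADER = "IIII"      # ts_sec, ts_frac, incl_len (captured), orig_len (on the wire)
LINKTYPE_ETHERNET = 1

# Constructed sample frames: a minimum-size 60-byte Ethernet frame, a
# full-size 1514-byte frame, and one that exactly fills a 68-byte snaplen.
SAMPLE_FRAMES = [bytes(60), bytes(1514), bytes(68)]


def build_pcap(snaplen, frames, order="<"):
    """Build a classic pcap file in memory from a list of raw frames.

    Constructed sample data for this example. Each frame is cut to snaplen
    bytes before it is written, exactly as a capturing tool does, while
    orig_len keeps the full length seen on the wire.
    """
    out = struct.pack(order + GLOBAL_HEADER, 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        captured = frame[:snaplen]
        out += struct.pack(order + RECORD_HEADER, 1_700_000_000 + i, 0, len(captured), len(frame))
        out += captured
    return out


def analyze_pcap(data):
    """Return (snaplen, packet_count, truncated_count, largest_orig_len).

    A packet counts as truncated when its captured length is below its wire
    length, which is what Wireshark reports as "Packet size limited during
    capture".
    """
    if len(data) < 24:
        raise ValueError("file is shorter than a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAPNG_MAGIC:
        raise ValueError("pcapng file: this checker only reads the classic pcap format")
    if magic not in PCAP_MAGICS:
        raise ValueError("unknown magic 0x%08x, not a pcap file" % magic)
    order, _resolution = PCAP_MAGICS[magic]
    _, _major, _minor, _tz, _sig, snaplen, _link = struct.unpack(order + GLOBAL_HEADER, data[:24])

    offset = 24
    packets = truncated = largest = 0
    while offset + 16 <= len(data):
        _sec, _frac, incl_len, orig_len = struct.unpack(order + RECORD_HEADER, data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            # A capture stopped mid-write (for example by ^C) can leave a partial last record.
            raise ValueError("packet %d runs past end of file; capture may have been cut short"
                             % (packets + 1))
        offset += incl_len
        packets += 1
        largest = max(largest, orig_len)
        if incl_len < orig_len:
            truncated += 1
    return snaplen, packets, truncated, largest


def main(argv):
    if len(argv) == 2:
        with open(argv[1], "rb") as f:
            data = f.read()
    else:
        # No file given: analyze the constructed sample as captured with the old default snaplen.
        data = build_pcap(68, SAMPLE_FRAMES)
    snaplen, packets, truncated, largest = analyze_pcap(data)
    print("snaplen %d, %d packets, %d truncated, largest frame on the wire %d bytes"
          % (snaplen, packets, truncated, largest))
    if truncated:
        print("capture is truncated: re-run tcpdump with a larger -s (e.g. -s 65535 or -s 0)")
    return 1 if truncated else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as python3 check_pcap.py <some-file> on the file tcpdump wrote; without an argument it analyzes the built-in sample and reports one of three packets truncated. The script deliberately refuses pcapng input rather than misreading it, and treats a record that runs past the end of the file as an error, since that is the signature of a capture that was killed before its last packet was flushed.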
tcpdump is not part of the Wireshark distribution. You can get it from
http://www.tcpdump.org for various platforms.