Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




with Wireshark

D.3. tcpdump : Capturing with tcpdump for viewing with Wireshark

There are occasions when you want to capture packets using tcpdump rather than wireshark , especially when you want to do a remote capture and do not want the network load associated with running Wireshark remotely (not to mention all the X traffic polluting your capture).

However, the default tcpdump parameters result in a capture file where each packet is truncated, because tcpdump , by default, only captures the first 68 bytes of each packet.

To ensure that you capture complete packets, use the following command:

tcpdump -i <interface> -s 1500 -w <some-file>

You will have to specify the correct interface and the name of a file to save into. In addition, you will have to terminate the capture with ^C when you believe you have captured enough packets.

[Note] Note!

tcpdump is not part of the Wireshark distribution. You can get it from: for various platforms.

  Published under the terms fo the GNU General Public License Design by Interspire