Wireshark-users: Re: [Wireshark-users] file format question
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 22 Aug 2011 13:28:48 -0700
On Aug 22, 2011, at 1:08 PM, János Löbb wrote:

> root@doppio:~# tcpdump -c1000 net xxx.yy.zz.0/24 > /tmp/tcpdump.pcap

That should be "> /tmp/tcpdump.txt"...

...because tcpdump's default output format is a textual dissection of the packets.

> The file "/Volumes/Home/janos/tcpdump.pcap" isn't a capture file in a format Wireshark understands.

Yup. Wireshark can't read tcpdump's (or Wireshark's/TShark's) textual dissection(s) of packets as a capture.

> So the question is how should I do the tcpdump on Ubuntu to be able to open it in Wireshark on my Mac ?

With the "-w" flag, to get it to write out the raw packet data in pcap format, rather than writing out the dissected packets as text:

    tcpdump -c1000 -w /tmp/tcpdump.pcap net xxx.yy.zz.0/24
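
An added example, not part of the original message: a short Python check that tells a real pcap or pcapng file from tcpdump's textual output by inspecting the file's leading bytes, which is the distinction the reply turns on. The function name `identify_capture` and the sample inputs are constructed for illustration.

```python
import struct
import sys

# pcap magic numbers, as read in the file's own byte order.
PCAP_MAGICS = {0xA1B2C3D4: "microsecond", 0xA1B23C4D: "nanosecond"}
PCAPNG_SHB = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type

def identify_capture(data: bytes) -> dict:
    """Classify the leading bytes of a file: pcap, pcapng, text or unknown."""
    if data[:4] == PCAPNG_SHB:
        return {"format": "pcapng"}
    if len(data) >= 24:
        # The 24-byte pcap file header is written in the capturing host's
        # byte order, so try both and see which one yields a known magic.
        for name, prefix in (("little", "<"), ("big", ">")):
            magic, major, minor, _zone, _sigfigs, snaplen, linktype = \
                struct.unpack(prefix + "IHHiIII", data[:24])
            if magic in PCAP_MAGICS:
                return {"format": "pcap", "byte_order": name,
                        "timestamps": PCAP_MAGICS[magic],
                        "version": f"{major}.{minor}",
                        "snaplen": snaplen, "linktype": linktype}
    head = data[:256]
    # Printable ASCII only: what "tcpdump ... > file" without -w produces.
    if head and all(b in b"\t\r\n" or 32 <= b < 127 for b in head):
        return {"format": "text"}
    return {"format": "unknown"}

# Constructed samples (not taken from the thread).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_PCAP_BE = struct.pack(">IHHiIII", 0xA1B23C4D, 2, 4, 0, 0, 262144, 1)
SAMPLE_TEXT = (b"13:28:48.000001 IP 192.0.2.10.51514 > 192.0.2.20.80: "
               b"Flags [S], seq 1, win 65535, length 0\n")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Classify a file given on the command line.
        with open(sys.argv[1], "rb") as fh:
            print(identify_capture(fh.read(256)))
    else:
        for sample in (SAMPLE_PCAP, SAMPLE_PCAP_BE, SAMPLE_TEXT):
            print(identify_capture(sample))
```

A file that comes back as "text" here is one Wireshark will refuse to open as a capture; rerunning tcpdump with "-w" produces one that comes back as "pcap".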





