Wireshark-users: Re: [Wireshark-users] file format question
From: Michael Tuexen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>
Date: Mon, 22 Aug 2011 22:33:28 +0200
On Aug 22, 2011, at 10:08 PM, János Löbb wrote: > Hi, > > I do this on an Ubuntu 10.04 server: > > root@doppio:~# tcpdump -c1000 net xxx.yy.zz.0/24 > /tmp/tcpdump.pcap > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode > listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes > 1000 packets captured > 1058 packets received by filter > > Then I copy it down to my Mac where I have wireshark installed. Version 1.3.4 (SVN Rev 32340 from /trunk) > > In the finder the file gets the right icon. When I double click it, Wireshark is thinking for a few seconds, than puts this message up: > > The file "/Volumes/Home/janos/tcpdump.pcap" isn't a capture file in a format Wireshark understands. > > So the question is how should I do the tcpdump on Ubuntu to be able to open it in Wireshark on my Mac ? I guess you want to store the packets in .pcap format. This requires a -w /tmp/tcpdump.pcap argument... Best regards Michael > > Thanks ahead, > > János > > > ___________________________________________________________________________ > Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> > Archives: http://www.wireshark.org/lists/wireshark-users > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users > mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe >
- References:
- [Wireshark-users] file format question
- From: János Löbb
- [Wireshark-users] file format question
- Prev by Date: Re: [Wireshark-users] file format question
- Next by Date: Re: [Wireshark-users] file format question
- Previous by thread: Re: [Wireshark-users] file format question
- Next by thread: [Wireshark-users] So what use does the "-Q" flag have?
- Index(es):