On Aug 22, 2011, at 10:08 PM, János Löbb wrote:
> Hi,
>
> I do this on an Ubuntu 10.04 server:
>
> root@doppio:~# tcpdump -c1000 net xxx.yy.zz.0/24 > /tmp/tcpdump.pcap
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
> 1000 packets captured
> 1058 packets received by filter
>
> Then I copy it down to my Mac where I have wireshark installed. Version 1.3.4 (SVN Rev 32340 from /trunk)
>
> In the finder the file gets the right icon. When I double click it, Wireshark is thinking for a few seconds, than puts this message up:
>
> The file "/Volumes/Home/janos/tcpdump.pcap" isn't a capture file in a format Wireshark understands.
>
> So the question is how should I do the tcpdump on Ubuntu to be able to open it in Wireshark on my Mac ?
I guess you want to store the packets in .pcap format. This requires
a -w /tmp/tcpdump.pcap argument...
Best regards
Michael
>
> Thanks ahead,
>
> János
>
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
