Wireshark · Ethereal-users: Re: [Ethereal-users] Reading tcpdump file on BSD

Ethereal-users: Re: [Ethereal-users] Reading tcpdump file on BSD

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>

Date: Wed, 28 Aug 2002 14:13:01 -0700

On Wed, Aug 28, 2002 at 02:02:12PM -0700, BIT Net Services wrote:
> To view a tcpdump from a bsd machine, make sure to specify -w option when
> creating the tcpdump. 

To view a tcpdump from *ANY* machine, including a WinDump from a Windows
machine, in Ethereal (or in Tethereal, or in tcpdump itself) make sure
to specify "-w" when creating the tcpdump.  This isn't BSD-specific.

(The same applies to Tethereal; a similar thing applies to Sun's snoop,
but the option for snoop is "-o" rather than "-w".)

Also, for tcpdump/WinDump (but not for Tethereal or snoop), note that
the default snapshot length is somewhere between 68 and 96 bytes, so, by
default, you will not get most of the data from a large packet, which
means you may not get enough data to get meaningful information if
you're trying to look at the behavior of protocols running *atop* TCP or
UDP.  You may want to use the "-s" option to choose a larger snapshot
length, in addition to the "-w" option.

References:
- [Ethereal-users] Reading tcpdump file on BSD
  - From: BIT Net Services

Prev by Date: [Ethereal-users] Reading tcpdump file on BSD
Next by Date: Re: [Ethereal-users] WinPCap driver not working?
Previous by thread: [Ethereal-users] Reading tcpdump file on BSD
Next by thread: [Ethereal-users] Compilation error on AIX with version 0.9.6
Index(es):
- Date
- Thread