Wireshark · Ethereal-users: Re: [Ethereal-users] Ethereal & TCP dump

Ethereal-users: Re: [Ethereal-users] Ethereal & TCP dump

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Thu, 24 Oct 2002 11:31:01 -0700

On Thu, Oct 24, 2002 at 07:50:30PM +0200, COLIN Stï¿½phane wrote:
> Juste open the file in ethereal (tcpdump format is supported dirrectly).

In fact, tcpdump format is Ethereal's *native* format (if you capture
with Ethereal, it saves the file in tcpdump format).

Note, however, that tcpdump defaults to a very short "snapshot length",
so only the first 68 or so octets of a packet are captured, by default;
the "-s" flag to tcpdump can be used to specify a larger snapshot
length, for example "-s 65535" should capture all the data in a packet
on most network types.

References:
- [Ethereal-users] Ethereal & TCP dump
  - From: Morel Olivier FRF
- Re: [Ethereal-users] Ethereal & TCP dump
  - From: COLIN Stéphane

Prev by Date: Re: [Ethereal-users] Ethereal & TCP dump
Next by Date: [Ethereal-users] Stripping GRE encapsulation
Previous by thread: Re: [Ethereal-users] Ethereal & TCP dump
Next by thread: [Ethereal-users] Stripping GRE encapsulation
Index(es):
- Date
- Thread