Date:      Tue, 25 Jul 2006 11:42:01 -0700
From:      Darrin Chandler <dwchandler@stilyagin.com>
To:        Steel City Phantom <scphantm@yahoo.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: dumping net traffic to log file
Message-ID:  <20060725184201.GA31390@jeeves.stilyagin.local>
In-Reply-To: <44C65765.4090401@yahoo.com>
References:  <44C51D80.8060306@yahoo.com> <20060725011022.GD27489@jeeves.stilyagin.local> <44C63BBE.90102@yahoo.com> <44C64486.3030005@mac.com> <44C65765.4090401@yahoo.com>

On Tue, Jul 25, 2006 at 01:39:49PM -0400, Steel City Phantom wrote:
> Great, I'm making good progress here.  It seems like tcpdump only 
> captures the headers; is there a way to capture the entire packet, data 
> and all?

In addition to the other fine answers you got, after you've written to
a file with -w and are later reading it with -r you can raise the
snaplength with -s to view a bit more without seeing the whole packet.
Often that's a nice way to narrow things down when you don't yet know
exactly what you're looking for.

Also, you will want to get familiar with filter expressions, which may
appear at the end of the tcpdump command:

"tcpdump <...> host 192.168.10.100 and port 999"

would only show traffic for port 999 to or from 192.168.10.11, for
instance.

-- 
Darrin Chandler            |  Phoenix BSD Users Group
dwchandler@stilyagin.com   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
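The two ideas in the message above (the snaplen bounding how many bytes of each packet get stored, and a filter such as "host H and port P" selecting traffic in either direction) can be seen without a live interface. The following is an added, self-contained example written for this page; it is not Darrin's code and not part of tcpdump. It builds a few constructed IPv4/UDP frames with made-up addresses, writes them as a classic pcap with a chosen snaplen the way `tcpdump -w -s <snaplen>` would, reads the file back, and applies the host-and-port filter semantics in plain Python. The toy writer, reader and parser are all assumptions for the demo, not tcpdump internals.

```python
"""Toy pcap writer/reader illustrating two tcpdump ideas: the snaplen (-s)
bounds how many bytes of each packet are stored, and a filter such as
"host H and port P" matches H as source OR destination and P as source OR
destination port.  Everything here is constructed for the example."""
import struct

ETH_HDR = 14
IP_HDR = 20
UDP_HDR = 8


def ip_to_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b):
    return ".".join(str(x) for x in b)


def udp_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet II + IPv4 + UDP frame (checksums left zero: fine for a demo)."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"      # dst MAC, src MAC, EtherType IPv4
    udp = struct.pack("!HHHH", sport, dport, UDP_HDR + len(payload), 0)
    total = IP_HDR + len(udp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 17, 0,
                     ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    return eth + ip + udp + payload


def write_pcap(frames, snaplen):
    """Serialize frames as a classic pcap, truncating each record to snaplen
    (record header keeps both the captured and the original length)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)]
    for i, frame in enumerate(frames):
        captured = frame[:snaplen]
        out.append(struct.pack("<IIII", 1153852921 + i, 0, len(captured), len(frame)))
        out.append(captured)
    return b"".join(out)


def read_pcap(data):
    """Yield (captured_bytes, original_length) for each record."""
    magic, = struct.unpack_from("<I", data, 0)
    assert magic == 0xA1B2C3D4, "only native-endian classic pcap handled here"
    off = 24
    while off < len(data):
        _sec, _usec, incl, orig = struct.unpack_from("<IIII", data, off)
        off += 16
        yield data[off:off + incl], orig
        off += incl


def parse_frame(frame):
    """Pull addresses and ports out of an IPv4/UDP frame; fields stay None
    when the captured bytes are too short (a snaplen smaller than the headers)."""
    info = {"src": None, "dst": None, "sport": None, "dport": None}
    if len(frame) < ETH_HDR + IP_HDR or frame[12:14] != b"\x08\x00":
        return info
    ip = frame[ETH_HDR:ETH_HDR + IP_HDR]
    ihl = (ip[0] & 0x0F) * 4
    info["src"] = bytes_to_ip(ip[12:16])
    info["dst"] = bytes_to_ip(ip[16:20])
    l4 = ETH_HDR + ihl
    if ip[9] == 17 and len(frame) >= l4 + 4:            # protocol 17 = UDP
        info["sport"], info["dport"] = struct.unpack_from("!HH", frame, l4)
    return info


def host_and_port(info, host, port):
    """Semantics of the filter expression 'host H and port P'."""
    return host in (info["src"], info["dst"]) and port in (info["sport"], info["dport"])


def filter_capture(pcap_bytes, host, port):
    """Return (src, sport, dst, dport, captured_len, original_len) per match."""
    hits = []
    for frame, orig in read_pcap(pcap_bytes):
        info = parse_frame(frame)
        if host_and_port(info, host, port):
            hits.append((info["src"], info["sport"], info["dst"], info["dport"],
                         len(frame), orig))
    return hits


# Constructed traffic: two packets between 192.168.10.100 and port 999 on
# another host, plus two that "host 192.168.10.100 and port 999" must drop.
SAMPLE_FRAMES = [
    udp_frame("192.168.10.100", "10.0.0.5", 40000, 999, b"A" * 200),
    udp_frame("10.0.0.5", "192.168.10.100", 999, 40000, b"B" * 50),
    udp_frame("192.168.10.100", "10.0.0.5", 40001, 53, b"C" * 30),   # wrong port
    udp_frame("10.0.0.7", "10.0.0.5", 40002, 999, b"D" * 30),        # wrong host
]

if __name__ == "__main__":
    capture = write_pcap(SAMPLE_FRAMES, snaplen=96)
    for hit in filter_capture(capture, "192.168.10.100", 999):
        print("%s:%d -> %s:%d  captured %d of %d bytes" % hit)
```

Running it shows the 242-byte packet stored as only 96 bytes (the first packet's payload is cut off by the snaplen, exactly the "headers only" symptom in the question) while the reply packet matches in the other direction because `host` is direction-agnostic. Dropping the snaplen below the header size makes the parser return no fields, so the filter matches nothing: bytes that were never captured cannot be filtered on later.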