Prepping tcpdump output for Wireshark (or other tools) for analysis


Problem: I want to analyze network data captured with tcpdump in Wireshark, ngrep or Cocoa Packet Analyzer.

Solution: Those tools need a binary capture file in pcap format, not tcpdump's decoded text output. To have tcpdump write one, use a command like the following:


tcpdump -i [device] -s 1634 -w [filename.pcap] port 8773

-s sets the snapshot length (snaplen), the maximum number of bytes tcpdump saves from each packet. 1634 comfortably covers a standard 1500-byte Ethernet frame plus its headers, so nothing is truncated on a normal link; if the interface carries jumbo frames, use -s 0 instead, which tcpdump 4.0 and later treats as the maximum (262144 bytes). -w writes the raw packets to the named file in pcap format instead of printing them; everything after the options (here port 8773) is a BPF filter expression that limits what gets captured. Note that redirecting tcpdump's normal output to a file with > does not produce a pcap, only text.

Stop the capture with Ctrl-C once you have seen enough traffic. The file is then complete and can be opened in the analyzer of your choice.

For example, capturing on em1:

[root@odc-c-06 ~]# tcpdump -i em1 -s 1634 -w cc.pcap port 8773
tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 1634 bytes
^C50 packets captured
50 packets received by filter
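Before handing a capture to Wireshark it is worth confirming that the file really is a pcap and that the chosen snaplen did not cut any packets short. The following is an added example (not code from the original article): it parses the classic pcap format that `tcpdump -w` produces using only the Python standard library, reports the snaplen and link type stored in the file header, and lists records whose captured length is shorter than the original packet length. The sample capture it checks is constructed in memory (placeholder frames, not real traffic) so the script runs offline; pass a path on the command line to check a real file instead.

```python
"""Sanity-check a libpcap capture before loading it into an analyzer.

Added example for this article; the sample pcap below is constructed
inline and contains no real traffic.
"""
import struct
import sys

PCAP_MAGIC_LE = 0xA1B2C3D4   # classic pcap, microsecond timestamps
PCAP_MAGIC_BE = 0xD4C3B2A1   # same magic seen through the other byte order
LINKTYPE_ETHERNET = 1        # shown as "link-type EN10MB (Ethernet)" by tcpdump


def parse_pcap(data: bytes) -> dict:
    """Parse a pcap byte string and return header fields plus truncation info.

    Raises ValueError if the bytes are not a pcap (e.g. tcpdump's text
    output redirected with > instead of written with -w) or if a record
    is cut off, which happens when a capture is interrupted mid-write.
    """
    if len(data) < 24:
        raise ValueError("too short to be a pcap file")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        endian = "<"
    elif magic == PCAP_MAGIC_BE:
        endian = ">"
    else:
        raise ValueError(f"not a pcap file (magic 0x{magic:08x}); "
                         "was it written with -w?")
    ver_major, ver_minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])

    records = []       # (captured length, original length) per packet
    offset = 24
    while offset + 16 <= len(data):
        _sec, _usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16
        if incl_len > snaplen:
            raise ValueError(f"record at {offset - 16} exceeds snaplen")
        if offset + incl_len > len(data):
            raise ValueError(f"record at {offset - 16} is cut off")
        records.append((incl_len, orig_len))
        offset += incl_len
    if offset != len(data):
        raise ValueError("trailing bytes after the last record")

    return {
        "version": (ver_major, ver_minor),
        "snaplen": snaplen,
        "linktype": linktype,
        "packets": len(records),
        # indexes of packets the snaplen cut short (caplen < wire length)
        "truncated": [i for i, (cap, wire) in enumerate(records) if cap < wire],
    }


def build_sample_pcap(snaplen: int, packet_lengths: list) -> bytes:
    """Construct a little-endian pcap in memory, truncating each packet to
    `snaplen` exactly as tcpdump's -s would. Frame bytes are placeholders."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0,
                         snaplen, LINKTYPE_ETHERNET)
    body = b""
    for i, length in enumerate(packet_lengths):
        incl = min(length, snaplen)
        body += struct.pack("<IIII", 1_700_000_000 + i, 0, incl, length)
        body += bytes(incl)   # constructed frame content
    return header + body


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            capture = fh.read()
    else:
        # Constructed sample: a small frame, a full-size Ethernet frame and a
        # 9000-byte jumbo frame captured with the article's snaplen of 1634.
        capture = build_sample_pcap(1634, [60, 1514, 9000])
    info = parse_pcap(capture)
    print(f"pcap {info['version'][0]}.{info['version'][1]}, "
          f"snaplen {info['snaplen']}, linktype {info['linktype']}, "
          f"{info['packets']} packets, truncated: {info['truncated']}")
```

With the constructed sample the script reports one truncated packet (the jumbo frame), which is the signal to re-run tcpdump with a larger snaplen. For a quick look at a real file you can also use `tcpdump -r cc.pcap` or Wireshark's `capinfos cc.pcap`, both of which print the snaplen and link type recorded in the header.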
