Prepping tcpdump output for Wireshark(or other tools) for analysis


Problem: I want to analyze network data that I pull from a TCPDUMP in Wireshark, ngrep or Cocoa Packet Analyzer


Solution: For this, you need a binary capture (.pcap) to feed into those tools. In order to format your tcpdump for that, use the following example: 


tcpdump -i [device] -s 1634 -w [filename.pcap] port 8773


-s allows you adjust snaplength, to ensure that tcpdump does not truncate any packets. -w writes the binary packets to a .pcap file. 

After you watch your wire, you can then feed this file into the analyzer of your choice. 


[root@odc-c-06 ~]# tcpdump -i em1 -s 1634 -w cc.pcap port 8773
tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 1634 bytes
^C50 packets captured
50 packets received by filter


Have more questions? Submit a request


Powered by Zendesk