KB0013

It’s often more helpful to capture packets using tcpdump rather than wireshark, as it is available as a package in most Linux and BSD package managers. For example, you might want to do a remote capture and either don’t have GUI access or don’t have Wireshark installed on the remote machine.

Older versions of tcpdump truncate packets to 68 or 96 bytes. If this is the case, use -s to capture full-sized packets:

class="highlight">


1


$ tcpdump -i <interface> -s 65535 -w <file>

You must specify the correct interface and file name to save into. In addition, you will have to terminate the capture with Ctrl+C when you believe you have captured enough packets.
 Tags: tcpdump wireshark linux macos

 Related Posts

 Protecting Your Mastodon Instance with rapidblock

 KB0018

 KB0017

 KB0010

 Running Jekyll with systemd


 Share:    Facebook    LinkedIn 

   Previous Post 

  Next Post  




 



      Email me 

      Facebook 

      GitHub 

      Twitter 

      LinkedIn 

      Mastodon 


 Stephen Schwetz  •  2024  •   schwetz.au