Related tools

Capturing with tcpdump for viewing with Ethereal

There are occasions when you want to capture packets using tcpdump rather than Ethereal, especially when you want to do a remote capture and do not want the network load associated with running Ethereal remotely (not to mention all the X traffic polluting your capture).

However, tcpdump does not capture full packets by default, so a capture file written with the default parameters contains truncated packets.

To ensure that you capture complete packets, use the following command:

	tcpdump -i <interface> -s 1500 -w <some-file>

You will have to specify the correct interface and the name of a file to save into. In addition, you will have to terminate the capture with ^C when you believe you have captured enough packets.