iptrace for linux: how can I trace full packet contents?
The saved portion of each captured packet is defined by the snaplen option. In some distributions, the default snaplen is set to around 68 bytes. The packets are then truncated to 68 bytes, hiding some of the payload. You can save the complete packets by setting the snaplen to 0 (i.e. maximum) as follows: tcpdump -s0 -w test.pcap -i eth0
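A way to confirm the truncation the answer describes from the file side: this is an added example, not code from the question or the answer. It reads the snaplen stored in a classic pcap global header and lists the records whose saved length is shorter than their length on the wire; the sample pcap it inspects is constructed inside the block.

```python
"""Report the snaplen of a classic pcap file and any records it truncated.
Added example (not from the question or answers); handles little/big-endian
libpcap magic numbers, not pcapng."""
import struct

MAGIC_LE = 0xA1B2C3D4     # microsecond timestamps
MAGIC_NS_LE = 0xA1B23C4D  # nanosecond timestamps (libpcap >= 1.5)


def inspect_pcap(data: bytes) -> dict:
    """Return snaplen, record count and truncated records as (index, caplen, wirelen)."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (MAGIC_LE, MAGIC_NS_LE):
        endian = "<"
    elif struct.unpack(">I", data[:4])[0] in (MAGIC_LE, MAGIC_NS_LE):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    _, _, _, _, _, snaplen, _ = struct.unpack(endian + "IHHiIII", data[:24])
    truncated = []
    offset, index = 24, 0
    while offset + 16 <= len(data):
        # record header: ts_sec, ts_usec, incl_len (bytes saved), orig_len (bytes on wire)
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if incl_len < orig_len:
            truncated.append((index, incl_len, orig_len))
        offset += 16 + incl_len
        index += 1
    return {"snaplen": snaplen, "records": index, "truncated": truncated}


def build_sample_pcap(snaplen: int, wire_lens) -> bytes:
    """Constructed test input: a pcap whose records were cut at `snaplen`."""
    out = struct.pack("<IHHiIII", MAGIC_LE, 2, 4, 0, 0, snaplen, 1)  # linktype 1 = Ethernet
    for i, wire_len in enumerate(wire_lens):
        incl = min(wire_len, snaplen)
        out += struct.pack("<IIII", 1_600_000_000 + i, 0, incl, wire_len) + b"\x00" * incl
    return out


if __name__ == "__main__":
    report = inspect_pcap(build_sample_pcap(68, [54, 120, 1514]))
    print(f"snaplen={report['snaplen']} records={report['records']}")
    for idx, caplen, wirelen in report["truncated"]:
        print(f"record {idx}: saved {caplen} of {wirelen} bytes (truncated)")
```

Run it against a real file with `inspect_pcap(open("test.pcap", "rb").read())`; a capture taken with `-s0` should report no truncated records.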
Author by GManika
Updated on September 18, 2022
Comments
-
GManika almost 2 years
I normally use iptrace on our AIX servers to get packet traces but have recently found out that this doesn't work for other 'nix systems - namely CentOS. Does anyone know what the analog would be?
I've tried the following, but none seem to work as I expect:
sudo /usr/sbin/tcpdump -w test.pcap -i eth0
sudo /usr/sbin/tcpdump port 80
sudo /usr/sbin/tcpdump port 80 -i eth0
sudo /usr/sbin/tcpdump -A port 80 -i eth0
sudo /usr/sbin/tcpdump -w ~/capture.pcap port 80 -i eth0
I can see the header data in wireshark, but I can't seem to see the actual packet data.
-
GManika over 12 years
Ug, thank you! That was not obvious to me :)
-
Hanan N. over 12 years
@javamonkey79 what about wireshark, is it the same as tcpdump?