Menu
I want to have tcpdump write raw packet data into a file and also display packet analysis into standard output as the packets are captured (by analysis I mean the lines it displays normally when -w is missing). Can anybody please tell me how to do that?
891
The "-w" option lets you write the output of tcpdump to a file which you can save for further analysis. The "-r" option lets you read the output of a file. All you have to do is use the "-r" option with tcpdump command and specify the path of the file you want to read.
The tcpdump can also adjust output formats by using -X for hex or -A for ASCII. # tcpdump -i any -c4 -X tcpdump: data link type LINUX_SLL2 dropped privs to tcpdump tcpdump: verbose output suppressed, use -v[v]...
The Configuration utility creates the tcpdump file and a TAR file that contains tcpdump. These files are located in the /shared/support directory.
tcpdump allows you to specify network packets that are either using some port X as source or destination. For example, to capture DNS traffic, you can use port 53 . You could prefix the port keyword with src/dst as src port 53 or dst port 53 and filter it even further.
Here's a neat way to do what you want:
tcpdump -w - | tee somefile | tcpdump -r - What it does:
-w - tells tcpdump to write binary data to stdout tee writes that binary data to a file AND to its own stdout -r - tells the second tcpdump to get its data from its stdin
140
Since tcpdump 4.9.3 4.99.0, the --print option can be used:
tcpdump -w somefile --print Wednesday, December 30, 2020, by [email protected], denis and fxl. Summary for 4.99.0 tcpdump release [...] User interface: [...] Add --print, to cause packet printing even with -w. If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
