I am capturing network traffic using tcpdump. The problem is that I can't see all of the captured data when the packet is too long. For example, when the TCP frame length is more than 500, I see only 100-200 or less. How do I display all of the frame data (500+)?
I have tried adding the -vv and -vvv parameters. This is my current command:
tcpdump -i eth1 tcp and host 10.27.13.14 and port 6973 -vv -X -c 1000
The "-w" option lets you write the output of tcpdump to a file, which you can save for further analysis. The "-r" option lets you read such a file back: use "-r" with the tcpdump command and specify the path of the file you want to read.
tcpdump writes raw packets and creates a binary file that cannot be read with a regular text editor. If you want to run tcpdump in the background, add the ampersand symbol (&) at the end of the command. The capture file can also be inspected with other packet analyzer tools such as Wireshark.
tcpdump can also adjust its output format by using -X for hex or -A for ASCII.
Add the -s0 parameter:
tcpdump -i eth1 tcp and host 10.27.13.14 and port 6973 -s0 -vv -X -c 1000