|Main Archive Page > Month Archives > wireshark-users archives|
On Aug 22, 2011, at 1:08 PM, János Löbb wrote:
> root@doppio:~# tcpdump -c1000 net xxx.yy.zz.0/24 > /tmp/tcpdump.pcap
That should be "> /tmp/tcpdump.txt"...
...because tcpdump's default output format is a textual dissection of the packets.
> The file "/Volumes/Home/janos/tcpdump.pcap" isn't a capture file in a format Wireshark understands.
Yup. Wireshark can't read tcpdump's (or Wireshark's/TShark's) textual dissection(s) of packets as a capture.
> So the question is how should I do the tcpdump on Ubuntu to be able to open it in Wireshark on my Mac ?
With the "-w" flag, to get it to write out the raw packet data in pcap format, rather than writing out the dissected packets as text:
tcpdump -c1000 -w /tmp/tcpdump.pcap net xxx.yy.zz.0/24
Sent via: Wireshark-users mailing list <email@example.com>