>>
>> tcpdump host 172.16.4.1 -XX
>>
>> if you want to save the data in a file for later analysis
>>
>> tcpdump host 172.16.4.1 -XX >> somefile
>>
>> ******
>>
>> if you want to know why you are doing this
>>
>> man tcpdump
>>
>> Regards, Tim.
>>
>>
>>
>
> Thank you for your reply . Sorry , Is this equal to the following ?
>
> #tcpdump dst 172.16.4.1
>
> But the payload data is not human readable , even if adding '-XX'
> switch . Can you please let me know if I need to use another
> appropriate switch or it comes from the fact that the protocol is
> some proprietary one ?
x
tcpdump dst 172.16.4.1
Will give you a summary of packets that are going to (dst) 172.16.4.1
If you want the payload you need the -XX switch, also, tcpdump
defaults to only capture 96 bytes, if you want the full payload do
tcpdump dst 172.16.4.1 -XX -s 0
This will give you hex and ascii representations of all data being
sent to 172.16.4.1. However, the data may not be human readable. For
example, if the data is actually a mp3 file, then converting the
packet to ascii wont mean it makes any sense as ascii, but if the
data is a text file, then converting the packet to ascii probably
will make it readable.
HTH, Tim.
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
http://lists.debian.org/d145ed05234b24ee6a9a52dc7c9382e1.squir...@192.168.1.100
