Hi Thanks for your answer.
And one more thing, we are using tcpdump -w dump.pcap means the whole raw packet will be stored or only 96 bytes(default) of the packet will be stored in dump.pcap?? If only 96 bytes will be stored then we cann't get the correct output for tcpdump -s 200 -r dump.pcap right? On 2/22/06, Hannes Gredler <[EMAIL PROTECTED]> wrote: > > > > Latha G wrote: > > Hi all, > > > > Thanks for your support till now. > > I want to clarify few things about the tcpdump -r option > > I just used tcpdump -w dump.pcap > > The -r option is used just to read back what we stored using -w option > or > > can we use the dump.pcap file as network and we can apply all options & > > filters > > i mean like tcpdump -n -c 1 -r dump.pcap (or) tcpdump -A -r dump.pcap > > can i apply any filter expression and options on this file... > > is it ok... > > since i didn't use any option or filter while capturing it through -w > > option.. > > is the output what i get from tcpdump -n -c 1 -r dump.pcap looks same as > > tcpdump -n -c 1 or any difference is there? > > there won't be any difference > > > Means what i want to clarify is , Is the behaviour of tcpdump when > applied > > with -r option is same as when it applied on the network directly.. > > your understanding is correct > > > And one more is, the captured file dump.pcap can i take to any other > system > > and then apply tcpdump , and can i expect the output should be same as > that > > of on my system.... > > if both systems are configured with the same timezone, yes. > > /hannes > - > This is the tcpdump-workers list. > Visit https://lists.sandelman.ca/ to unsubscribe. > -- Thaks & Regards, Latha. - This is the tcpdump-workers list. Visit https://lists.sandelman.ca/ to unsubscribe.