On Sat, Feb 20, 2010 at 06:05:50AM +0000, Hadi Motamedi wrote:
>
> Dear All
> I have put tcpdump trace on port 4957 on my Debian server, as the following:
> #tcpdump port 4957
> I want to obtain the payload data to see what is really being exchanged
> between my Debian server and the outside network element. Can you please let
> me know how I can modify my command?

    tcpdump -s0 -w output.pcap port 4957

Consider also adding -n if name resolution takes extra time.

This will send output to output.pcap. Later on run:

    wireshark output.pcap

and analyze the flows there. Naturally you can use other programs.

-- 
Tzafrir Cohen
tzaf...@jabber.org | tzaf...@cohens.org.il | http://tzafrir.org.il | ICQ# 16849754
VIM is a Mutt's best friend
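
Added example, not part of the original reply: a minimal reader for the classic pcap file that `tcpdump -s0 -w output.pcap` writes, returning the TCP payload bytes seen on port 4957 and flagging records that a short snap length cut off. The sample capture, the addresses and the function names are constructed for illustration, and the reader assumes an Ethernet link type and IPv4.

```python
import struct

PORT = 4957  # the port captured in the thread

def build_sample_pcap(snaplen=65535):
    """Constructed capture: one Ethernet/IPv4/TCP frame carrying b'HELLO 4957'."""
    payload = b"HELLO 4957"
    tcp = struct.pack("!HHIIBBHHH", 40000, PORT, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    rhdr = struct.pack("<IIII", 0, 0, min(len(frame), snaplen), len(frame))
    return ghdr + rhdr + frame[:snaplen]

def tcp_payloads(pcap, port=PORT):
    """Return (src, sport, dst, dport, payload, truncated) per TCP segment on port."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    out, off = [], 24
    while off + 16 <= len(pcap):
        incl, orig = struct.unpack(order + "II", pcap[off + 8:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # skip anything that is not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        total = struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + total]  # slice by IP length to drop Ethernet padding
        if len(tcp) < 20:
            continue  # the snap length cut into the TCP header itself
        sport, dport = struct.unpack("!HH", tcp[:4])
        data = tcp[(tcp[12] >> 4) * 4:]  # skip the TCP header and its options
        if port in (sport, dport) and data:
            src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
            out.append((src, sport, dst, dport, data, incl < orig))
    return out

if __name__ == "__main__":
    for snap in (65535, 60):  # whole packets (what -s0 asks for) vs a short snaplen
        for src, sp, dst, dp, data, cut in tcp_payloads(build_sample_pcap(snap)):
            print(f"{src}:{sp} -> {dst}:{dp} {data!r} truncated={cut}")
```

To run it on a real capture, pass the file contents: `tcp_payloads(open("output.pcap", "rb").read())`.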