On Sat, Feb 20, 2010 at 06:05:50AM +0000, Hadi Motamedi wrote: > > Dear All > I have put tcpdump trace on port 4957 on my Debian server , as the following : > #tcpdump port 4957 > I want to obtain the payload data to see what is realy being exchanged > between my Debian server and the outside network element . Can you please let > me know how I can modify my command ?
tcpdump -s0 -w output.pcap port 4957 Consider also adding -n if name resolution takes extra time. This will send output to output.pcap . Later on run: wireshark output.pcap and analyze the flows there. Naturally you can use other programs. -- Tzafrir Cohen | [email protected] | VIM is http://tzafrir.org.il | | a Mutt's [email protected] | | best ICQ# 16849754 | | friend -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

