How to: View tcpdump captures with Wireshark
There are times when tcpdump is more convenient to use than Wireshark, such as on a remote server where Wireshark is not installed. tcpdump is also present on many default Linux installations and is widely used for network troubleshooting.
On the other hand, Wireshark has a flexible GUI whose display filters and protocol dissectors make it easy to narrow down and inspect a capture. So the practical workflow is: use tcpdump to capture the traffic into a pcap file, copy that file (for example with scp) to a machine that has Wireshark, and open it there with File > Open.
By default older tcpdump versions save only the first 68 or 96 bytes of each packet, which is enough for headers but leaves payloads cut off when you look at them in Wireshark. To capture full packets instead of the default packet size, type the following on your command line:
# tcpdump -i eth0 -s 65535 -w capture.out
Where…
- eth0 – Network interface to capture on
- -s 65535 – Snapshot length: save up to 65535 bytes per packet so that nothing is truncated (on current tcpdump versions -s 0 selects the maximum as well)
- capture.out – The file tcpdump writes the captured packets to, in pcap format, which Wireshark opens directly
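Before copying a capture over to Wireshark it is worth checking that the snaplen really was large enough, otherwise Wireshark will show every long packet as "[Packet size limited during capture]". The following script is an added example, not part of the original post: it reads the classic pcap global header and packet records that tcpdump -w produces, reports the snaplen stored in the file, and counts records whose saved length is shorter than their on-wire length. The sample pcap bytes it builds for the demonstration are constructed inline (two dummy Ethernet frames); the function and field names are this example's own.

```python
"""Inspect a classic pcap file and report whether packets were truncated by the snaplen."""
import struct
import sys
from dataclasses import dataclass

PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D   # classic pcap, nanosecond timestamps
PCAPNG_MAGIC = 0x0A0D0D0A      # pcapng (Wireshark's native format), not handled here
GLOBAL_HDR_LEN = 24
RECORD_HDR_LEN = 16


@dataclass
class CaptureSummary:
    snaplen: int     # per-packet byte limit recorded in the file header
    linktype: int    # 1 = Ethernet
    packets: int
    truncated: int   # records whose saved length is shorter than the on-wire length


def summarize_pcap(data: bytes) -> CaptureSummary:
    """Parse the global header and walk every packet record."""
    if len(data) < GLOBAL_HDR_LEN:
        raise ValueError("file too short for a pcap global header")
    if struct.unpack("<I", data[:4])[0] == PCAPNG_MAGIC:
        raise ValueError("pcapng input: this reader handles classic pcap only")
    # The magic number reveals the writer's byte order; try both orders.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", data[:4])[0] in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            break
    else:
        raise ValueError("not a classic pcap file (unknown magic)")
    _magic, _vmaj, _vmin, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "IHHiIII", data[:GLOBAL_HDR_LEN])

    packets = truncated = 0
    offset = GLOBAL_HDR_LEN
    while offset + RECORD_HDR_LEN <= len(data):
        _ts_sec, _ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + RECORD_HDR_LEN])
        offset += RECORD_HDR_LEN
        if offset + incl_len > len(data):
            raise ValueError(f"record {packets + 1} runs past end of file (capture cut off?)")
        packets += 1
        if incl_len < orig_len:      # saved fewer bytes than were on the wire
            truncated += 1
        offset += incl_len
    return CaptureSummary(snaplen, linktype, packets, truncated)


def capture_is_complete(summary: CaptureSummary) -> bool:
    """True when every packet was saved in full, i.e. the snaplen was large enough."""
    return summary.truncated == 0


def build_sample_pcap(snaplen: int) -> bytes:
    """Constructed sample (not real traffic): a 60-byte and a 1514-byte Ethernet frame
    written with the given snaplen. Payload bytes are dummy; only the lengths matter."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, snaplen, 1)
    for orig_len in (60, 1514):
        saved = min(orig_len, snaplen)   # what tcpdump would keep under this snaplen
        out += struct.pack("<IIII", 1_700_000_000, 0, saved, orig_len) + b"\x00" * saved
    return out


if __name__ == "__main__":
    # Usage: python pcapcheck.py capture.out   (no argument: run on the constructed sample)
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap(96)
    s = summarize_pcap(raw)
    print(f"snaplen={s.snaplen} linktype={s.linktype} packets={s.packets} truncated={s.truncated}")
    print("complete capture" if capture_is_complete(s) else "truncated: recapture with -s 65535 (or -s 0)")
```

Run it against capture.out before you scp the file; a non-zero truncated count means the capture was taken with too small a snaplen and should be redone. The capinfos tool shipped with Wireshark reports the same snaplen information if you prefer not to script it.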