# sudo tcpdump -i en0 -vvv -K -n -s 0 -w ~/Desktop/DumpFile.dmp
or, without the -K option:
# sudo tcpdump -i en0 -vvv -n -s 0 -w ~/Desktop/DumpFile.dmp
To stop capturing, just press Control-C. To view the file:
# sudo tcpdump -s 0 -n -e -x -vvv -r ~/Desktop/DumpFile.dmp
Here is an explanation of the options used in the commands above:
-i interface to capture on
-vvv even more verbose output
-K don't attempt to verify TCP, UDP and IP checksums
-n don't convert addresses to names
-s snaplen setting. Setting snaplen to 0 means use the required length to catch whole packets
-w write the raw packets to a file rather than parsing and printing them out
-e print the link-level header on each line
-x when parsing and printing, in addition to printing the header of each packet, print the data of each packet (minus its link-level header) in hex
-r read packets from a file
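
As an added example (not part of the original post), the Python sketch below reads a file written with -w and reports the snaplen recorded in its header and how many packets were cut short, which is what -s 0 is meant to avoid. It assumes the classic pcap file layout rather than pcapng; inspect_pcap and build_sample are hypothetical helper names, and the sample capture is constructed.

```python
import struct

# Classic pcap magic, as seen when the first 4 bytes are read little-endian.
# Value: byte order of the rest of the file (microsecond and nanosecond variants).
MAGICS = {0xA1B2C3D4: "<", 0xA1B23C4D: "<", 0xD4C3B2A1: ">", 0x4D3CB2A1: ">"}

def inspect_pcap(data):
    """Summarise a capture: header snaplen, link type, packets, truncated packets."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    order = MAGICS[magic]
    # version major/minor, timezone offset, sigfigs, snaplen, link-layer type
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(order + "HHiIII", data[4:24])
    offset, packets, truncated = 24, 0, 0
    while offset + 16 <= len(data):
        # per-packet record header: ts seconds, ts fraction, captured length, original length
        _sec, _frac, caplen, origlen = struct.unpack(order + "IIII", data[offset:offset + 16])
        if offset + 16 + caplen > len(data):
            break  # file ends mid-record, e.g. the capture was killed while writing
        packets += 1
        if caplen < origlen:
            truncated += 1  # snaplen cut this packet short
        offset += 16 + caplen
    return {"snaplen": snaplen, "linktype": linktype, "packets": packets, "truncated": truncated}

def build_sample(snaplen, frames):
    """Constructed sample data: a little-endian Ethernet (linktype 1) pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, frame in enumerate(frames):
        kept = frame[:snaplen]
        out += struct.pack("<IIII", i, 0, len(kept), len(frame)) + kept
    return out

if __name__ == "__main__":
    frames = [bytes(60), bytes(1514)]  # constructed frames, all zero bytes
    print(inspect_pcap(build_sample(262144, frames)))  # large snaplen: nothing truncated
    print(inspect_pcap(build_sample(96, frames)))      # small snaplen: second frame cut
```

To check a real capture, pass the bytes of the dump file to inspect_pcap; a non-zero "truncated" count means the snaplen used was too small to hold whole packets.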