How to display all data using tcpdump?

About

Asked 13/7, 2016 at 3:38 Answered 7/8 at 6:1

Solved linux network-programming tcpdump

I am capturing network traffic by using tcpdump. The problem is: I can't see all capture data when the package is too long. For example, when the tcp frame length is more than 500, I just see 100-200 or less. How to display all frame data(500+)?

I have tried add -vv and -vvv parameter. This is my current command:

 tcpdump -i eth1 tcp and host 10.27.13.14 and port 6973 -vv -X -c 1000

Aristippus answered 13/7, 2016 at 3:38 Comment(2)

Did you check with wireshark? – Phosphor 13/7, 2016 at 3:42

@mrg I just want to see in the terminal,I am tracing instance traffic.I have no GUI – Aristippus 13/7, 2016 at 3:49

Add -s0 parameter:

tcpdump -i eth1 tcp and host 10.27.13.14 and port 6973 -s0 -vv -X -c 1000

Aristippus answered 13/7, 2016 at 4:47 Comment(1)

-s snaplen --snapshot-length=snaplen Setting snaplen to 0 sets it to the default of 262144, for backwards compatibility with recent older versions of tcpdump. – Almshouse 2/4, 2019 at 8:44

tcpdump -i any -A -s0 port 80

listens to port 80
-i any: on any interface (replace with e.g., -i eth0)
-A prints packet contents
-s0 set snapshot length (0 means the whole packer, removing this option will use the default value, often 96)

Berna answered 7/8 at 6:1 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags