From: Randall Stewart
Date: Mon, 19 Mar 2007 13:41:21 -0400
To: Shteryana Shopova
Cc: Max Laier, "manuel.ochoa@yahoo.com", freebsd-net@freebsd.org
Subject: Re: Wireshark

Shteryana Shopova wrote:
> On 3/19/07, manuel.ochoa@yahoo.com wrote:
>> Max, correct me if I'm wrong but tcpdump will only give you the
>> headers, is that correct? This is fine most of the time but sometimes
>> I need to capture full frames.
>
> Nope - that's not correct -
>
> #tcpdump -s 0
>
> will capture full frames.

But nothing IMO beats wireshark for being able to go in
and analyze a dump .. searching on various condition's fields etc..

It does not matter to me generally how it's collected
wireshark/tcpdump -s 0..

But to analyze it.. give me wireshark any day :-D

R

-- 
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 803-317-4952 (cell)