From owner-freebsd-questions@FreeBSD.ORG Tue Jul 25 18:42:05 2006
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F1F5C16A4DA; Tue, 25 Jul 2006 18:42:05 +0000 (UTC) (envelope-from dwc@stilyagin.com)
Received: from puffy.asicommunications.com (puffy.asicommunications.com [216.9.200.37]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8D09943D46; Tue, 25 Jul 2006 18:42:03 +0000 (GMT) (envelope-from dwc@stilyagin.com)
Received: from jeeves.stilyagin.local (reserved-216-9-200-69.asicommunications.com [216.9.200.69] (may be forged)) by puffy.asicommunications.com (8.13.4/8.13.3) with ESMTP id k6PIg2qd007599 (version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO); Tue, 25 Jul 2006 11:42:02 -0700 (MST)
Received: (from dwc@localhost) by jeeves.stilyagin.local (8.13.4/8.13.4/Submit) id k6PIg1Q6004659; Tue, 25 Jul 2006 11:42:01 -0700 (MST)
Date: Tue, 25 Jul 2006 11:42:01 -0700
From: Darrin Chandler
To: Steel City Phantom
Cc: freebsd-questions@freebsd.org
Subject: Re: dumping net traffic to log file
Message-ID: <20060725184201.GA31390@jeeves.stilyagin.local>
References: <44C51D80.8060306@yahoo.com> <20060725011022.GD27489@jeeves.stilyagin.local> <44C63BBE.90102@yahoo.com> <44C64486.3030005@mac.com> <44C65765.4090401@yahoo.com>
In-Reply-To: <44C65765.4090401@yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.2i
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
X-List-Received-Date: Tue, 25 Jul 2006 18:42:06 -0000

On Tue, Jul 25, 2006 at 01:39:49PM -0400, Steel City Phantom wrote:
> Great, I'm making good progress here. It seems like tcpdump only
> captures the headers, is there a way to capture the entire packet, data
> and all?

In addition to the other fine answers you got, after you've written to a
file with -w and are later reading it with -r you can raise the
snaplength with -s to view a bit more without seeing the whole packet.
Often that's a nice way to narrow things down when you don't yet know
exactly what you're looking for.

Also, you will want to get familiar with filter expressions, which may
appear at the end of the tcpdump command: "tcpdump <...> host
192.168.10.100 and port 999" would only show traffic for port 999 to or
from 192.168.10.11, for instance.

-- 
Darrin Chandler            |  Phoenix BSD Users Group
dwchandler@stilyagin.com   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
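The snaplen and filter points in the reply above, worked through as an added example that is not part of this thread and not tcpdump's own code. The script below is a minimal writer and reader for the classic libpcap file format (magic 0xa1b2c3d4, link type 1 = Ethernet) over constructed Ethernet/IPv4/TCP frames with zeroed checksums; it writes the same three frames once at a snaplen of 68 bytes (the default of the tcpdump 3.x releases of that era; modern releases default to 262144) and once untruncated, the way `-s 0` captures, then reports per record how many bytes were stored versus how many were on the wire and whether the payload survived. `matches_host_and_port` mirrors the semantics of the expression `host H and port P` (either direction), and `bytes_shown` mirrors what `tcpdump -r file -s N` can display, which is at most what was stored at capture time: a capture truncated to headers cannot be widened afterwards, so if the goal is the payload, capture with `-s 0` and narrow with a filter expression or a smaller `-s` when reading. All packet contents, addresses and ports are constructed for the example.

```python
"""Added example (not from the original thread): a minimal pcap writer/reader
showing what tcpdump's snaplen (-s) does to a stored record, and a check that
mirrors the filter expression 'host H and port P'.  Packets are constructed;
checksums are left zero.  Assumes the classic libpcap file layout."""
import io
import struct

ETH_HDR = 14
SNAPLEN_TCPDUMP_3X = 68   # historic tcpdump default; modern default is 262144


def ip_bytes(dotted):
    return bytes(int(x) for x in dotted.split("."))


def build_tcp_packet(src_ip, dst_ip, sport, dport, payload):
    """Ethernet + IPv4 + TCP (no options) + payload, checksums zeroed."""
    eth = bytes.fromhex("00112233445500aabbccddee") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0x1234,
                     0x4000, 64, 6, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def write_pcap(packets, snaplen):
    """Store each frame truncated to snaplen (0 = no truncation, like -s 0).
    The record header keeps both the stored length and the on-wire length."""
    buf = io.BytesIO()
    buf.write(struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, snaplen or 65535, 1))
    for ts, pkt in enumerate(packets):
        data = pkt[:snaplen] if snaplen else pkt
        buf.write(struct.pack("<IIII", ts, 0, len(data), len(pkt)))
        buf.write(data)
    return buf.getvalue()


def read_pcap(data):
    """Return (file snaplen, [(stored frame bytes, on-wire length), ...])."""
    magic, _, _, _, _, snaplen, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xa1b2c3d4 or linktype != 1:
        raise ValueError("not a little-endian Ethernet pcap")
    off, records = 24, []
    while off < len(data):
        _, _, incl, orig = struct.unpack_from("<IIII", data, off)
        off += 16
        records.append((data[off:off + incl], orig))
        off += incl
    return snaplen, records


def parse_ipv4_tcp(frame):
    """(src, dst, sport, dport, payload), or None if not IPv4/TCP or cut
    short before the TCP header (which is what a tiny snaplen can do)."""
    if len(frame) < ETH_HDR + 20 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ihl = (frame[ETH_HDR] & 0x0F) * 4
    if frame[ETH_HDR + 9] != 6:
        return None
    src = ".".join(str(b) for b in frame[ETH_HDR + 12:ETH_HDR + 16])
    dst = ".".join(str(b) for b in frame[ETH_HDR + 16:ETH_HDR + 20])
    tcp_off = ETH_HDR + ihl
    if len(frame) < tcp_off + 20:
        return None
    sport, dport = struct.unpack_from("!HH", frame, tcp_off)
    doff = (frame[tcp_off + 12] >> 4) * 4
    return src, dst, sport, dport, frame[tcp_off + doff:]


def matches_host_and_port(frame, host, port):
    """Same meaning as the tcpdump expression 'host HOST and port PORT':
    the host may be source or destination, the port source or destination."""
    p = parse_ipv4_tcp(frame)
    return p is not None and host in (p[0], p[1]) and port in (p[2], p[3])


def bytes_shown(frame, display_snaplen):
    """What 'tcpdump -r file -s N' can show for a stored record: at most the
    bytes written at capture time, however large N is."""
    return min(len(frame), display_snaplen) if display_snaplen else len(frame)


def capture_report(snaplen):
    """Write a constructed session at the given snaplen, read it back, and
    report per record what survived and whether the filter would select it."""
    packets = [  # constructed sample traffic
        build_tcp_packet("192.168.10.11", "192.168.10.100", 40000, 999,
                         b"GET /secret HTTP/1.0\r\nHost: 192.168.10.100\r\n\r\n"),
        build_tcp_packet("192.168.10.100", "192.168.10.11", 999, 40000,
                         b"HTTP/1.0 200 OK\r\n"),
        build_tcp_packet("192.168.10.11", "10.0.0.1", 40001, 22, b"SSH-2.0-x\r\n"),
    ]
    _, records = read_pcap(write_pcap(packets, snaplen))
    report = []
    for frame, on_wire in records:
        p = parse_ipv4_tcp(frame)
        report.append({"captured": len(frame), "on_wire": on_wire,
                       "truncated": len(frame) < on_wire,
                       "payload_bytes": len(p[4]) if p else 0,
                       "matches_filter": matches_host_and_port(frame, "192.168.10.100", 999)})
    return report


if __name__ == "__main__":
    for snap in (SNAPLEN_TCPDUMP_3X, 0):
        print(f"snaplen {snap or 'full'}:")
        for rec in capture_report(snap):
            print("  ", rec)
```

With the 68-byte snaplen the first frame (100 bytes on the wire) keeps only 14 of its 46 payload bytes, yet the IP and TCP headers are intact, so the `host ... and port ...` test still selects it; the third frame fits entirely and is stored untruncated; and `bytes_shown` on the truncated record never exceeds 68 no matter what `-s` is passed when reading.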