Date: Mon, 19 Mar 2007 13:41:21 -0400
From: Randall Stewart <rrs@cisco.com>
To: Shteryana Shopova <shteryana@gmail.com>
Cc: Max Laier <max@love2party.net>, "manuel.ochoa@yahoo.com" <manuel.ochoa@yahoo.com>, freebsd-net@freebsd.org
Subject: Re: Wireshark
Message-ID: <45FECB41.3070601@cisco.com>
In-Reply-To: <61b573980703190525s30f22648od0ecdecd01879d0c@mail.gmail.com>
References: <983439.189.qm@web58004.mail.re3.yahoo.com> <61b573980703190525s30f22648od0ecdecd01879d0c@mail.gmail.com>

Shteryana Shopova wrote:
> On 3/19/07, manuel.ochoa@yahoo.com <manuel.ochoa@yahoo.com> wrote:
>> Max, correct me if I'm wrong but tcpdump will only give you the
>> headers, is that correct? This is fine most of the time but sometimes
>> I need to capture full frames.
>
> Nope - that's not correct -
>
> #tcpdump -s 0
>
> will capture full frames.

But nothing IMO beats wireshark for being able to go in
and analyze a dump .. searching on various condition's fields etc..

It does not matter to me generally how it's collected
wireshark/tcpdump -s 0..

But to analyze it.. give me wireshark any day :-D

R

--
Randall Stewart
NSSTG - Cisco Systems Inc.
803-345-0369 <or> 803-317-4952 (cell)