> A newbie question.
> I need to do the following thing:
> - Go (actually go) to a remote location
> - Set up a machine there to capture packets every 6 hours, for 10 minutes
> (crontab probably)
> - Come back a week later and pick up the results.
>
> Is there any good reason to prefer tethereal over tcpdump, or vice-versa?

I assume you'll be capturing to a file here, i.e. using the "-w" flag of
tethereal or tcpdump.

If so, there's a slight reason to prefer tcpdump, namely that it doesn't
provide a running count of packets captured, which is useful if you're
running it from a live session, but not so useful if you're running it
in the background, as I infer you'll be doing. (Perhaps we should add a
"-q" flag to tethereal.)

Note, however, that if you're using tcpdump, and you want *all* of the
packet data to be captured, not just the first up-to-68 bytes of each
packet, you will need to specify a larger snapshot length to tcpdump
with the "-s" flag, as it defaults to 68; it defaults to 65535 in
tethereal.
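
A cron-driven wrapper for the unattended capture discussed in this thread, as an added example that is not part of the original messages. The interface name, output directory, script path and the use of the coreutils `timeout` command to end each run after 10 minutes are assumptions.

```shell
#!/bin/sh
# Added example: one bounded tcpdump run per invocation, started from cron.
# Assumed, not from the thread: interface eth0, directory /var/tmp/captures,
# coreutils `timeout`, and a crontab with permission to capture (usually root's).

IFACE="${IFACE:-eth0}"
OUTDIR="${OUTDIR:-/var/tmp/captures}"
DURATION="${DURATION:-600}"   # 10 minutes, in seconds
SNAPLEN="${SNAPLEN:-65535}"   # full packets; the default of 68 bytes would truncate them

# Print the capture file name for a timestamp such as 20240101-060000.
capture_file() {
    printf '%s/capture-%s.pcap\n' "$OUTDIR" "$1"
}

# capture TIMESTAMP [echo]
# Runs the capture, or prints the command line when the second argument is
# "echo", so the exact flags can be checked before leaving the site.
capture() {
    ${2:-} timeout "$DURATION" tcpdump -i "$IFACE" -s "$SNAPLEN" \
        -w "$(capture_file "$1")"
}

# One scheduled run: a new file per run, so a failed run cannot damage the
# results of earlier ones. tcpdump's messages go to a log for later review.
run_capture() {
    mkdir -p "$OUTDIR" || return 1
    rc=0
    capture "$(date +%Y%m%d-%H%M%S)" 2>>"$OUTDIR/capture.log" || rc=$?
    # timeout exits with 124 when it had to stop tcpdump: the normal case here.
    if [ "$rc" -eq 124 ]; then rc=0; fi
    return "$rc"
}

# crontab entry, every 6 hours on the hour (script path is an assumption):
#   0 */6 * * * /usr/local/bin/capture.sh run
case "${1:-}" in
    run)  run_capture ;;
    show) capture "$(date +%Y%m%d-%H%M%S)" echo ;;
esac
```

Running the script with `show` prints the command line without capturing anything.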