[David Wolever <wolever.lists@xxxxxxxxx>]

I was recently investigating a huge amount of traffic on a remote
server.  I used tcpdump to capture some traffic (with `tcpdump -w
dump`), then downloaded it to my laptop and used Ethereal to analyze
it.  When I looked at it, it looked like a bunch of garbage.  Requests
like "GET http://<three letters you might expect like www or ad.>" and
garbled responses.  When I checked the Apache logs, it showed lots of
nice, complete requests (well, the requests them selves were nasty,
but they weren't broken like I thought they were).  Just on a hunch, I
tried using tethereal to dump some traffic (with `tethereal -w
dump2`).  After I downloaded it and opened it in Ethereal, it looked
fine (I could see complete HTTP requests using "Follow TCP Stream",
etc).
Why is this?  Is there any way I can use tcpdump to create more
"intelligible" packet captures?  Am I simply doing something wrong?
Thanks,
David