-------------------
The Ethereal project is being continued at a new site. Please go to
http://www.wireshark.org and subscribe to wireshark-users@xxxxxxxxxxxxx.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-users
-------------------
Zubairi, Shahbaz wrote:
-------------------
The Ethereal project is being continued at a new site. Please go to
http://www.wireshark.org and subscribe to wireshark-users@xxxxxxxxxxxxx.
Don't forget to unsubscribe from this list at
http://www.ethereal.com/mailman/listinfo/ethereal-users
-------------------
Hi All,
What is the right command to snoop on Solaris platform to capture the
packets and import them into Ethereal?
The same as the right command for Wireshark (see the note above, added
automatically to your mail):
snoop -o {filename}
with "-d", etc. flags added as necessary.
Wireshark does, of course, also run on Solaris, as does the command-line
variant TShark and the Wireshark capture utility dumpcap.
I have noticed that Linux tcpdump truncates data on some packets.
Tcpdump/WinDump, on *all* platforms, truncates data *by default* to 68
or 96 bytes, so you have to specify "-s 0" (or, on older versions, "-s
65535") to get it not to truncate packets.
I don�t want to truncate anything.
Snoop doesn't truncate by default; you have to explicitly specify a "-s"
flag to get it to truncate. (Wireshark, TShark, and dumpcap don't
truncate by default, either.)
Tcpdump/WinDump does truncate by default; you have to explicitly specify
a "-s" flag to get it *not* to truncate (or to get it to truncate to a
length other than the default).
_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users