John,
You might also need/want to add "-s0" to let it capture the entire
packet including payload. This will let Wireshark do a better job at
decoding the protocol.
(By default tcpdump will only grab the first 68 bytes.)
Jim
----- Original Message -----
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tuesday, October 24, 2006 1:26 pm
Subject: Re: [Wireshark-users] Use tcpdump to capture for Wireshark?
To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> John Oliver wrote:
> > I redirected the output of tcpdump to an ASCII text file, but Wireshark
> > doesn't like that. How can I capture traffic with tcpdump in a format
> > that Wireshark will understand?
>
> By using the "-w" flag. (That's also how you capture traffic with
> tcpdump in a format that tcpdump will understand, and that some other
> free and commercial tools will understand. It's libpcap format, the
> same format that Wireshark/TShark uses.)
>
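
An added example, not part of the original messages: a check that a file really is libpcap format (what "-w" writes) and how many packets were cut short by the snapshot length (what "-s0" avoids). The function names `inspect_pcap` and `build_sample` are hypothetical, and the sample captures are constructed in memory with zero-filled frames.

```python
import struct

# Classic libpcap magic numbers as read little-endian, mapped to the struct
# byte-order prefix of the file (microsecond and nanosecond variants).
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}

def inspect_pcap(data):
    """Return snaplen and truncation counts for a classic libpcap capture."""
    if len(data) < 24:
        raise ValueError("too short for a libpcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not libpcap format (redirected tcpdump text output?)")
    bo = MAGICS[magic]
    _, _, _, _, snaplen, linktype = struct.unpack(bo + "HHiIII", data[4:24])
    off, total, truncated = 24, 0, 0
    while off + 16 <= len(data):
        # Per-packet header: ts_sec, ts_frac, captured length, length on the wire
        _, _, incl_len, orig_len = struct.unpack(bo + "IIII", data[off:off + 16])
        off += 16 + incl_len
        if off > len(data):
            break  # file ends in the middle of a record
        total += 1
        truncated += int(incl_len < orig_len)  # payload was sliced off
    return {"snaplen": snaplen, "linktype": linktype,
            "packets": total, "truncated": truncated}

def build_sample(snaplen, wire_lengths):
    """Constructed capture: one zero-filled Ethernet frame per wire length."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for n in wire_lengths:
        caplen = min(n, snaplen)
        out += struct.pack("<IIII", 0, 0, caplen, n) + bytes(caplen)
    return out

if __name__ == "__main__":
    print(inspect_pcap(build_sample(68, [60, 1514, 1514])))      # 68-byte default
    print(inspect_pcap(build_sample(65535, [60, 1514, 1514])))   # full packets
```

A non-zero `truncated` count means Wireshark will only see the first part of those frames and cannot fully decode the higher-layer protocol.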