tcpdump -s 0 -i any -w /path/to/capture/file.cap
-s 0 sets the snapshot length so that each packet is captured in full (the entire Ethernet frame) instead of being cut off after a fixed number of bytes, which is very important for most network captures. If frames are not captured in full, the protocol traffic in the capture will be hard to analyze.
To analyze the capture file, open it in Wireshark, the most widely used free network capture analyzer.
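Whether a capture was truncated can be checked after the fact from the file itself. This added Python example (not part of the original post) reads the legacy pcap global header and flags records whose captured length is shorter than the original on-the-wire length; the sample file and its snaplen are constructed inline.

```python
import struct

# Legacy pcap magic numbers: microsecond and nanosecond variants, either byte order.
_MAGICS = {
    b"\xa1\xb2\xc3\xd4": ">", b"\xd4\xc3\xb2\xa1": "<",
    b"\xa1\xb2\x3c\x4d": ">", b"\x4d\x3c\xb2\xa1": "<",
}


def parse_pcap(data):
    """Return (snaplen, records); each record is (incl_len, orig_len)."""
    endian = _MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("not a legacy pcap file")
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype.
    _, _, _, _, _, snaplen, _ = struct.unpack(endian + "IHHiIII", data[:24])
    records = []
    off = 24
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_usec, captured length, original length.
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        records.append((incl_len, orig_len))
        off += 16 + incl_len
    return snaplen, records


def truncated_packets(data):
    """Indexes of packets whose captured bytes are fewer than their wire length."""
    _, records = parse_pcap(data)
    return [i for i, (incl, orig) in enumerate(records) if incl < orig]


def build_sample(snaplen, frame_lens):
    """Constructed pcap: each frame is orig bytes long but stored only up to snaplen."""
    out = struct.pack(">IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for n, orig in enumerate(frame_lens):
        incl = min(orig, snaplen)
        out += struct.pack(">IIII", 1000 + n, 0, incl, orig) + b"\x00" * incl
    return out


if __name__ == "__main__":
    # A capture taken with a 96-byte snaplen loses most of a full-size frame.
    short = build_sample(96, [60, 1514, 80])
    print("snaplen", parse_pcap(short)[0], "truncated", truncated_packets(short))
    # With a snaplen larger than any frame (the effect of -s 0) nothing is cut.
    full = build_sample(262144, [60, 1514, 80])
    print("snaplen", parse_pcap(full)[0], "truncated", truncated_packets(full))
```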