tcpdump vs. wireshark

# 1  
Old 07-18-2012

Hi,

I am trying to capture manually crafted IP packets, created using Scapy, to a pcap file that can later be replayed using tcpreplay.

When using wireshark, I can successfully capture these packets and view them in wireshark.
However, when using tcpdump, these packets are then shown in wireshark as malformed packets. It seems like tcpdump wrongly parses/stores them.

Is there any difference between tcpdump and wireshark capturing? Can I configure tcpdump to capture just like wireshark does? (I tried -s 0 or -s 65536 and this did not help)

Thank you!
# 2  
Old 07-20-2012
What is your exact tcpdump syntax? What format are you capturing in?

You could try capturing to pcap file using tshark, and seeing if tcpreplay will replay the file.
# 3  
Old 07-20-2012
I used: tcpdump -s 0 -w <file>
Is it correct?
Does it capture in a different format than Wireshark does?

Regarding tshark - will give it a try and report. Thanks!
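
An added example, not part of any post in this thread: a small Python check that can be run on both the tcpdump file and the Wireshark file to compare the header fields the questions above turn on (classic pcap versus pcapng, snaplen, link-layer type, and how many records were truncated at capture time). The function name `inspect_capture` and the `SAMPLE` bytes are constructed for illustration.

```python
import struct

# Magic numbers as seen when the first four bytes are read big-endian.
PCAP_MAGICS = {
    0xA1B2C3D4: (">", "microsecond"),
    0xD4C3B2A1: ("<", "microsecond"),
    0xA1B23C4D: (">", "nanosecond"),
    0x4D3CB2A1: ("<", "nanosecond"),
}
PCAPNG_SHB = 0x0A0D0D0A  # pcapng Section Header Block type


def inspect_capture(data):
    """Describe a capture file held in `data` (bytes): format, snaplen, link type, truncation."""
    if len(data) < 4:
        raise ValueError("too short to be a capture file")
    (magic,) = struct.unpack(">I", data[:4])
    if magic == PCAPNG_SHB:
        return {"format": "pcapng"}  # block-structured; fields below do not apply
    if magic not in PCAP_MAGICS or len(data) < 24:
        raise ValueError("not a complete classic pcap header")
    endian, resolution = PCAP_MAGICS[magic]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    packets = truncated = 0
    off = 24
    while off + 16 <= len(data):  # walk the 16-byte per-packet record headers
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        packets += 1
        if incl_len < orig_len:  # packet was cut at snaplen when captured
            truncated += 1
        off += 16 + incl_len
    return {"format": "pcap", "byte_order": "little" if endian == "<" else "big",
            "timestamps": resolution, "version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "packets": packets, "truncated": truncated}


# Constructed sample: little-endian pcap, snaplen 65535, link type 1 (Ethernet),
# one complete 4-byte record and one record cut from 6 bytes to 2.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + struct.pack("<IIII", 0, 0, 4, 4) + b"\x00" * 4
          + struct.pack("<IIII", 0, 0, 2, 6) + b"\x00" * 2)

if __name__ == "__main__":
    print(inspect_capture(SAMPLE))
```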