Tuesday, 6 September 2011

TCPDUMP: How to capture a full packet

This request generally comes around when there is some suspicious network activity seen by one of the IDS and the engineer wants to see the entire packet:

tcpdump -nnvvXSs 1514 -i eth0


  1. thanks for this post..could you please explain ((-nnvvXSs 1514 ))terms???

  2. Hey - sure thing:
    nn = don't resolve host names or port names
    vv = verbosity level (can be v, vv, or vvv)
    X = Payload. Shows packets contents in both ASCII and HEX. If you need the ethernet header us XX instead of just X
    S = prints absolute sequence numbers
    s = allows you to set snaplen (in this case 1514) so we capture the whole packet.

    Thanks for reading!

  3. Hola, buenas puedes comentarme como hago para ver la captura, no tengo muy claro esto y estoy practicando