How can i see packets while capturing with tcpdump The Next CEO of Stack Overflowtcpdump and dynamic dns updatetcpdump: capture one of several vlanstcpdump - how to check rate of packets?Capturing on loopback device on Ubuntu LTS: 15 Mbit of traffic and “x dropped packets”Tcpdump stops capturing wifi data while running in the backgroundMaking TCP dump without packets lossPacket captures: filtering on RX vs TXtcpdump on bridge interface (virbr) does not receive any packets destined for one of its addressestcpdump - filter applies after some time?Use tcpdump to capture an ICMP destination unreachable message

Example of a Mathematician/Physicist whose Other Publications during their PhD eclipsed their PhD Thesis

I believe this to be a fraud - hired, then asked to cash check and send cash as Bitcoin

How to count occurrences of text in a file?

Opposite of a diet

What happens if you roll doubles 3 times then land on "Go to jail?"

Customer Requests (Sometimes) Drive Me Bonkers!

How to get regions to plot as graphics

Is it okay to store user locations?

Need some help with wall behind rangetop

Should I tutor a student who I know has cheated on their homework?

Why were Madagascar and New Zealand discovered so late?

What do "high sea" and "carry" mean in this sentence?

Whats the best way to handle refactoring a big file?

How did people program for Consoles with multiple CPUs?

Why does standard notation not preserve intervals (visually)

How long to clear the 'suck zone' of a turbofan after start is initiated?

How should I support this large drywall patch?

% symbol leads to superlong (forever?) compilations

Why do remote companies require working in the US?

How to write papers efficiently when English isn't my first language?

Term for the "extreme-extension" version of a straw man fallacy?

Anatomically Correct Mesopelagic Aves

What does "Its cash flow is deeply negative" mean?

Can a caster that cast Polymorph on themselves stop concentrating at any point even if their Int is low?

How can i see packets while capturing with tcpdump

The Next CEO of Stack Overflowtcpdump and dynamic dns updatetcpdump: capture one of several vlanstcpdump - how to check rate of packets?Capturing on loopback device on Ubuntu LTS: 15 Mbit of traffic and “x dropped packets”Tcpdump stops capturing wifi data while running in the backgroundMaking TCP dump without packets lossPacket captures: filtering on RX vs TXtcpdump on bridge interface (virbr) does not receive any packets destined for one of its addressestcpdump - filter applies after some time?Use tcpdump to capture an ICMP destination unreachable message

How can I see traffic while I am capturing it with tcpdump.

When I use -w, it doesn't show the packets during the capture.

sudo tcpdump -i enp2s0 -w test.pcap
tcpdump: listening on enp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C6 packets captured
7 packets received by filter
0 packets dropped by kernel

asked 19 hours ago

Olivier Lasne

1111

New contributor

add a comment |

How can I see traffic while I am capturing it with tcpdump.

When I use -w, it doesn't show the packets during the capture.

sudo tcpdump -i enp2s0 -w test.pcap
tcpdump: listening on enp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C6 packets captured
7 packets received by filter
0 packets dropped by kernel

asked 19 hours ago

Olivier Lasne

1111

New contributor

add a comment |

How can I see traffic while I am capturing it with tcpdump.

When I use -w, it doesn't show the packets during the capture.

sudo tcpdump -i enp2s0 -w test.pcap
tcpdump: listening on enp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C6 packets captured
7 packets received by filter
0 packets dropped by kernel

asked 19 hours ago

Olivier Lasne

1111

New contributor

How can I see traffic while I am capturing it with tcpdump.

When I use -w, it doesn't show the packets during the capture.

sudo tcpdump -i enp2s0 -w test.pcap
tcpdump: listening on enp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C6 packets captured
7 packets received by filter
0 packets dropped by kernel

tcpdump pcap

asked 19 hours ago

Olivier Lasne

1111

New contributor

asked 19 hours ago

Olivier Lasne

1111

New contributor

asked 19 hours ago

Olivier Lasne

1111

New contributor

asked 19 hours ago

Olivier Lasne

1111

asked 19 hours ago

Olivier Lasne

1111

New contributor

Olivier Lasne is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment |

3 Answers
3

active

oldest

votes

-w option is to write the tcpdump output to a file. you can remove that option if you want to print on your terminal.

answered 19 hours ago

Rachel

213

New contributor

add a comment |

Since you are using the option -w, the packets are being saved to the file and not displayed at the standard output. Here from the tcpdumup manpage:

https://www.tcpdump.org/manpages/tcpdump.1.html

-w file
 Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is ``-''. 
 This output will be buffered if written to a file or pipe, so a program reading from the file or pipe may not see packets for an arbitrary amount of time after they are received. Use the -U flag to cause packets to be written as soon as they are received. 
 The MIME type application/vnd.tcpdump.pcap has been registered with IANA for pcap files. The filename extension .pcap appears to be the most commonly used along with .cap and .dmp. Tcpdump itself doesn't check the extension when reading capture files and doesn't add an extension when writing them (it uses magic numbers in the file header instead). However, many operating systems and applications will use the extension if it is present and adding one (e.g. .pcap) is recommended. 
 See pcap-savefile(5) for a description of the file format.

If you want to do both at the same time, here is a way to achieve that:

How can I have tcpdump write to file and standard output the appropriate data?

edited 17 hours ago

answered 19 hours ago

Diamant

7,52331633

add a comment |

So after a bit of experiment, the anwser if the following :

sudo tcpdump -i enp2s0 -U -w - | tee test.pcap | tcpdump -r -

-w - : write to standard output.

-U : write packets as soon as they arrive. Don't wait until the buffer is full.

Tee will write to the file, and tcpdump -r - read the packets from standard input.

answered 18 hours ago

Olivier Lasne

1111

New contributor

add a comment |

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);

);

Olivier Lasne is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f960405%2fhow-can-i-see-packets-while-capturing-with-tcpdump%23new-answer', 'question_page');

);

Post as a guest

Name

Required, but never shown

3 Answers
3

active

oldest

votes

3 Answers
3

active

oldest

votes

-w option is to write the tcpdump output to a file. you can remove that option if you want to print on your terminal.

answered 19 hours ago

Rachel

213

New contributor

add a comment |

-w option is to write the tcpdump output to a file. you can remove that option if you want to print on your terminal.

answered 19 hours ago

Rachel

213

New contributor

add a comment |

-w option is to write the tcpdump output to a file. you can remove that option if you want to print on your terminal.

answered 19 hours ago

Rachel

213

New contributor

-w option is to write the tcpdump output to a file. you can remove that option if you want to print on your terminal.

answered 19 hours ago

Rachel

213

New contributor

answered 19 hours ago

Rachel

213

New contributor

answered 19 hours ago

Rachel

213

answered 19 hours ago

Rachel

213

New contributor

Rachel is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment |

Since you are using the option -w, the packets are being saved to the file and not displayed at the standard output. Here from the tcpdumup manpage:

https://www.tcpdump.org/manpages/tcpdump.1.html

-w file
 Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is ``-''. 
 This output will be buffered if written to a file or pipe, so a program reading from the file or pipe may not see packets for an arbitrary amount of time after they are received. Use the -U flag to cause packets to be written as soon as they are received. 
 The MIME type application/vnd.tcpdump.pcap has been registered with IANA for pcap files. The filename extension .pcap appears to be the most commonly used along with .cap and .dmp. Tcpdump itself doesn't check the extension when reading capture files and doesn't add an extension when writing them (it uses magic numbers in the file header instead). However, many operating systems and applications will use the extension if it is present and adding one (e.g. .pcap) is recommended. 
 See pcap-savefile(5) for a description of the file format.

If you want to do both at the same time, here is a way to achieve that:

How can I have tcpdump write to file and standard output the appropriate data?

edited 17 hours ago

answered 19 hours ago

Diamant

7,52331633

add a comment |

Since you are using the option -w, the packets are being saved to the file and not displayed at the standard output. Here from the tcpdumup manpage:

https://www.tcpdump.org/manpages/tcpdump.1.html

-w file
 Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is ``-''. 
 This output will be buffered if written to a file or pipe, so a program reading from the file or pipe may not see packets for an arbitrary amount of time after they are received. Use the -U flag to cause packets to be written as soon as they are received. 
 The MIME type application/vnd.tcpdump.pcap has been registered with IANA for pcap files. The filename extension .pcap appears to be the most commonly used along with .cap and .dmp. Tcpdump itself doesn't check the extension when reading capture files and doesn't add an extension when writing them (it uses magic numbers in the file header instead). However, many operating systems and applications will use the extension if it is present and adding one (e.g. .pcap) is recommended. 
 See pcap-savefile(5) for a description of the file format.

If you want to do both at the same time, here is a way to achieve that:

How can I have tcpdump write to file and standard output the appropriate data?

edited 17 hours ago

answered 19 hours ago

Diamant

7,52331633

add a comment |

Since you are using the option -w, the packets are being saved to the file and not displayed at the standard output. Here from the tcpdumup manpage:

https://www.tcpdump.org/manpages/tcpdump.1.html

-w file
 Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is ``-''. 
 This output will be buffered if written to a file or pipe, so a program reading from the file or pipe may not see packets for an arbitrary amount of time after they are received. Use the -U flag to cause packets to be written as soon as they are received. 
 The MIME type application/vnd.tcpdump.pcap has been registered with IANA for pcap files. The filename extension .pcap appears to be the most commonly used along with .cap and .dmp. Tcpdump itself doesn't check the extension when reading capture files and doesn't add an extension when writing them (it uses magic numbers in the file header instead). However, many operating systems and applications will use the extension if it is present and adding one (e.g. .pcap) is recommended. 
 See pcap-savefile(5) for a description of the file format.

If you want to do both at the same time, here is a way to achieve that:

How can I have tcpdump write to file and standard output the appropriate data?

edited 17 hours ago

answered 19 hours ago

Diamant

7,52331633

Since you are using the option -w, the packets are being saved to the file and not displayed at the standard output. Here from the tcpdumup manpage:

https://www.tcpdump.org/manpages/tcpdump.1.html

-w file
 Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is ``-''. 
 This output will be buffered if written to a file or pipe, so a program reading from the file or pipe may not see packets for an arbitrary amount of time after they are received. Use the -U flag to cause packets to be written as soon as they are received. 
 The MIME type application/vnd.tcpdump.pcap has been registered with IANA for pcap files. The filename extension .pcap appears to be the most commonly used along with .cap and .dmp. Tcpdump itself doesn't check the extension when reading capture files and doesn't add an extension when writing them (it uses magic numbers in the file header instead). However, many operating systems and applications will use the extension if it is present and adding one (e.g. .pcap) is recommended. 
 See pcap-savefile(5) for a description of the file format.

If you want to do both at the same time, here is a way to achieve that:

How can I have tcpdump write to file and standard output the appropriate data?

edited 17 hours ago

answered 19 hours ago

Diamant

7,52331633

edited 17 hours ago

answered 19 hours ago

Diamant

7,52331633

answered 19 hours ago

Diamant

7,52331633

answered 19 hours ago

Diamant

7,52331633

add a comment |

So after a bit of experiment, the anwser if the following :

sudo tcpdump -i enp2s0 -U -w - | tee test.pcap | tcpdump -r -

-w - : write to standard output.

-U : write packets as soon as they arrive. Don't wait until the buffer is full.

Tee will write to the file, and tcpdump -r - read the packets from standard input.

answered 18 hours ago

Olivier Lasne

1111

New contributor

add a comment |

So after a bit of experiment, the anwser if the following :

sudo tcpdump -i enp2s0 -U -w - | tee test.pcap | tcpdump -r -

-w - : write to standard output.

-U : write packets as soon as they arrive. Don't wait until the buffer is full.

Tee will write to the file, and tcpdump -r - read the packets from standard input.

answered 18 hours ago

Olivier Lasne

1111

New contributor

add a comment |

So after a bit of experiment, the anwser if the following :

sudo tcpdump -i enp2s0 -U -w - | tee test.pcap | tcpdump -r -

-w - : write to standard output.

-U : write packets as soon as they arrive. Don't wait until the buffer is full.

Tee will write to the file, and tcpdump -r - read the packets from standard input.

answered 18 hours ago

Olivier Lasne

1111

New contributor

So after a bit of experiment, the anwser if the following :

sudo tcpdump -i enp2s0 -U -w - | tee test.pcap | tcpdump -r -

-w - : write to standard output.

-U : write packets as soon as they arrive. Don't wait until the buffer is full.

Tee will write to the file, and tcpdump -r - read the packets from standard input.

answered 18 hours ago

Olivier Lasne

1111

New contributor

answered 18 hours ago

Olivier Lasne

1111

New contributor

answered 18 hours ago

Olivier Lasne

1111

answered 18 hours ago

Olivier Lasne

1111

New contributor

Olivier Lasne is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment |

Olivier Lasne is a new contributor. Be nice, and check out our Code of Conduct.

draft saved

draft discarded

Olivier Lasne is a new contributor. Be nice, and check out our Code of Conduct.

Thanks for contributing an answer to Server Fault!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

This page is only for reference, If you need detailed information, please check here

搜尋此網誌

Otdfbt

3 Answers
3

Your Answer

Post as a guest

3 Answers
3

3 Answers
3

Post as a guest

Popular posts from this blog

3 Answers 3

Your Answer

Sign up or log in

Post as a guest

Post as a guest

3 Answers 3

3 Answers 3

Sign up or log in

Post as a guest

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Sign up or log in

Post as a guest

Popular posts from this blog

3 Answers
3

3 Answers
3

3 Answers
3