| 1 | initial version |
From the tcpdump man page:
-w file
Write the raw packets to file rather than parsing and printing
them out. They can later be printed with the -r option.
Standard output is used if file is ``-''.
This output will be buffered if written to a file or pipe, so a
program reading from the file or pipe may not see packets for an
arbitrary amount of time after they are received. Use the -U
flag to cause packets to be written as soon as they are received.
Try:
tcpdump -i any ! host 172.xx.xx.116 -s 0 -w - | ssh [email protected] “cat > dump.pcap”
| 2 | No.2 Revision |
From the tcpdump man page:
-w file
Write the raw packets to file rather than parsing and printing
them out. They can later be printed with the -r option.
Standard output is used if file is ``-''.
This output will be buffered if written to a file or pipe, so a
program reading from the file or pipe may not see packets for an
arbitrary amount of time after they are received. Use the -U
flag to cause packets to be written as soon as they are received.
Try:
tcpdump -i any ! host 172.xx.xx.116 -s 0 -w - | ssh [email protected] 'cat>dump.pcap'
(assuming the xx.xx are replaced to complete the IP address)
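An added example, not part of the original answer: a checker for the receiving end of such a pipe that counts the complete packet records in the stream and reports a trailing partial record, which is what a reader sees when buffered output is cut off mid-write. It assumes the classic pcap format (not pcapng); `scan_pcap`, `read_exact` and the sample capture are names and data constructed for this illustration.

```python
import io
import struct

# First four bytes read as a little-endian uint32 -> byte order of the writer.
# Classic pcap only (microsecond and nanosecond variants); pcapng is not handled.
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">", 0xA1B23C4D: "<", 0x4D3CB2A1: ">"}

def read_exact(stream, n):
    """Read n bytes from a file or pipe; a shorter result means end of stream."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def scan_pcap(stream):
    """Return (complete_packets, bytes_of_trailing_partial_record)."""
    head = read_exact(stream, 24)            # fixed-size pcap file header
    if len(head) < 24:
        raise ValueError("stream ended inside the pcap file header")
    magic = struct.unpack("<I", head[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap stream (magic 0x%08x)" % magic)
    endian = MAGICS[magic]
    packets = 0
    while True:
        rec = read_exact(stream, 16)         # ts_sec, ts_frac, incl_len, orig_len
        if len(rec) < 16:
            return packets, len(rec)
        incl_len = struct.unpack(endian + "IIII", rec)[2]
        data = read_exact(stream, incl_len)
        if len(data) < incl_len:
            return packets, 16 + len(data)
        packets += 1

def _record(payload):
    """Constructed packet record: fixed timestamp, payload stored in full."""
    return struct.pack("<IIII", 1700000000, 0, len(payload), len(payload)) + payload

# Constructed sample capture: file header plus two packets (60 and 42 bytes).
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
          + _record(b"\x00" * 60) + _record(b"\x01" * 42))

if __name__ == "__main__":
    print(scan_pcap(io.BytesIO(SAMPLE)))        # whole capture
    print(scan_pcap(io.BytesIO(SAMPLE[:-10])))  # cut off mid-packet
```

To check a received file, call `scan_pcap(open("dump.pcap", "rb"))`; a non-zero second value means the last record was only partly written.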