# Revision history [back]

From the tcpdump man page:

       -w file
Write the raw packets to file rather than parsing  and  printing
them  out.  They can later be printed with the -r option.  Stan-
dard output is used if file is -''.

This output will be buffered if written to a file or pipe, so  a
program reading from the file or pipe may not see packets for an
arbitrary amount of time after they are received.   Use  the  -U
flag  to  cause  packets  to  be written as soon as they are re-
ceived.


Try:

tcpdump -i any ! host 172.xx.xx.116 -s 0 -w - | ssh [email protected] “cat > dump.pcap”


From the tcpdump man page:

       -w file
Write the raw packets to file rather than parsing  and  printing
them  out.  They can later be printed with the -r option.  Stan-
dard output is used if file is -''.

This output will be buffered if written to a file or pipe, so  a
program reading from the file or pipe may not see packets for an
arbitrary amount of time after they are received.   Use  the  -U
flag  to  cause  packets  to  be written as soon as they are re-
ceived.


Try:

tcpdump -i any ! host 172.xx.xx.116 -s 0 -w - | ssh [email protected] “cat > dump.pcap”
'cat>dump.pcap'


(assuming the xx.xx are replaced to complete the IP address)