Jacky Buyck wrote: <Hi all. <Is there a difference between a file capture byt the following command : <tcpdump -w file <and a dump capture throught ethereal ? < <I ask this question because I have detect some problem when analysing H323 communications. <When I make a dump with tcpdump on linux and read it on win32 ethereal (with H323 plugins) it's not the same result that a file <capure on Ethereal on linux and read on ethereal on Win32. < <Any explanation to that ???
Its probably the snaplen that you have increase from the default value, use the "-s" option of tcpdump.
