Re: [Wireshark-users] tcpdump command to capture https traffic

2007-07-20 Thread Kaushal Shriyan
Hi Guy Harris Thanks Guy Harris :-) Can I have online docs to understand TCP/IP Protocol and just to understand how the Network Packets are constructed. Thanks a Lot Awaiting your earnest reply Regards Kaushal On 7/19/07, Guy Harris [EMAIL PROTECTED] wrote: Kaushal Shriyan wrote: is

Re: [Wireshark-users] tcpdump command to capture https traffic

2007-07-19 Thread Les Bowditch
Do you just want traffic between 192.168.0.1 AND 192.168.0.2? If so, that should work. Les Bowditch Senior Network Operations Analyst Shift Networks Suite 320, 1121 Centre Street NW Calgary, AB T2E 7K6 Tel: +1 (403) 536-5491 Tel: +1 (866) 963-8749 Fax: +1 (403) 770-7449 [EMAIL

Re: [Wireshark-users] tcpdump command to capture https traffic

2007-07-19 Thread Guy Harris
Kaushal Shriyan wrote: Thanks and what does s 0 signifies, I know s means snapshot length so what does s 0 signifies It means the maximum snapshot length, which is 65535 bytes. (Versions of tcpdump prior to 3.6 require that you do -s 65535, but all later versions support -s 0.)

Re: [Wireshark-users] tcpdump command to capture https traffic

2007-07-19 Thread Kaushal Shriyan
Thanks Guy Harris One more question is it better to run tcpdump -i eth0 -s 0 -w dump host 192.168.0.1 and host 192.168.0.2 and port 443 or instead tcpdump -i eth0 -s 1500 -w dump host 192.168.0.1 and host 192.168.0.2 and port 443 which is the best method Thanks and Regards Kaushal On

Re: [Wireshark-users] tcpdump command to capture https traffic

2007-07-19 Thread Guy Harris
Kaushal Shriyan wrote: is it better to run tcpdump -i eth0 -s 0 -w dump host 192.168.0.1 and host 192.168.0.2 and port 443 or instead tcpdump -i eth0 -s 1500 -w dump host 192.168.0.1 and host 192.168.0.2

Re: [Wireshark-users] tcpdump command

2007-05-18 Thread andre.noel
Hi, You are using dst host and src host, that's why. To see both directions between these hosts try tcpdump -i eth0 -s 1500 -w dump host 192.168.0.1 and host www.example.com This way you will have only host to host conversation both

Re: [Wireshark-users] tcpdump command

2007-05-18 Thread David Meagher
You are using src and dst filters. This is why you are only seeing traffic going in one way. Try just using the host that you are interested in, so tcpdump -i eth0 -s 1500 -w dump2 host www.example.com On 18/05/07, Kaushal Shriyan [EMAIL PROTECTED] wrote: Hi I have to capture network traffic

Re: [Wireshark-users] tcpdump command

2007-05-18 Thread Guy Harris
Kaushal Shriyan wrote: I have to capture network traffic between an appliance and content server using tcpdump command and then dump to a file and read and decode it using wireshark How do i proceed I have used tcpdump -i eth0 -s 1500 -w dump src host 192.168.0.1 and dst host