Guy,

Thanks for the great info, much appreciated - I will test today.

Jeff 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Guy Harris
Sent: Wednesday, March 23, 2005 3:41 PM
To: tcpdump-workers@lists.tcpdump.org
Subject: Re: [tcpdump-workers] tcpdump on Nokia IP380 to grab http
headers

Walzer, Jeff wrote:

> I want to run tcpdump on the Nokia box to make sure that is the only 
> header and that I'm not missing any that might get stripped. Does 
> tcpdump allow me to grab http headers and if so what command options 
> do I need to use to grab that info?

Tcpdump grabs raw packet data - it doesn't specifically capture HTTP
headers.

I.e., it'll save a packet trace in the same format as Packetyzer (or,
rather, Packetyzer saves them in the same format as tcpdump - Packetyzer
is based on Ethereal, which was designed to use libpcap format, the
format defined by the packet capture and save file library used by
tcpdump, as well as by Ethereal for capturing, as its native file
format).

However, tcpdump, unlike Ethereal and Packetyzer, defaults to saving
only the first 68 or 96 bytes of a packet, so you will get only a small
amount of the HTTP header, if any, by default.  You would have to
increase the "snapshot length" to capture the entire packet.

I don't know what version of tcpdump IPSO comes with, so "-s 0" might
not work as a way to say "save the entire packet", so use "-s 65535" 
instead, and also use "-w" to save the file in binary format:

        tcpdump -s 65535 -w capture_file

You can also use a capture filter to limit what packets it'll capture.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
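
The snapshot-length point above, as an added example that is not part of the original message: a Python reader for the libpcap savefile format that `-w` writes, reporting each packet's captured length against its on-the-wire length and whether the HTTP header block survived. The sample frame is constructed, and the fixed 54-byte offset assumes Ethernet, IPv4 and TCP headers without options.

```python
import struct

MAGIC = 0xA1B2C3D4      # classic libpcap savefile, microsecond timestamps
L2_L4_HDRS = 54         # assumption: Ethernet 14 + IPv4 20 + TCP 20, no options

# Constructed sample frame: placeholder link/IP/TCP headers plus an HTTP request.
HTTP = b"GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: 192.0.2.10\r\n\r\n"
FRAME = bytes(L2_L4_HDRS) + HTTP

def build_pcap(frames, snaplen):
    """Emit a savefile as a capture with this snapshot length would store it."""
    out = struct.pack("<IHHiIII", MAGIC, 2, 4, 0, 0, snaplen, 1)  # 1 = Ethernet
    for sec, frame in enumerate(frames):
        kept = frame[:snaplen]                       # bytes beyond snaplen are dropped
        out += struct.pack("<IIII", sec, 0, len(kept), len(frame)) + kept
    return out

def audit_pcap(blob):
    """Return (snaplen, [(caplen, origlen, http_headers_complete), ...])."""
    magic = struct.unpack_from("<I", blob, 0)[0]
    if magic == MAGIC:
        e = "<"
    elif magic == 0xD4C3B2A1:                        # written on a big-endian host
        e = ">"
    else:
        raise ValueError("not a classic libpcap savefile")
    snaplen = struct.unpack_from(e + "I", blob, 16)[0]
    pos, records = 24, []                            # 24-byte global header
    while pos + 16 <= len(blob):
        _, _, caplen, origlen = struct.unpack_from(e + "IIII", blob, pos)
        data = blob[pos + 16 : pos + 16 + caplen]
        if len(data) < caplen:
            raise ValueError("savefile ends inside a packet record")
        # The header block is complete only if its blank-line terminator was captured.
        complete = b"\r\n\r\n" in data[L2_L4_HDRS:]
        records.append((caplen, origlen, complete))
        pos += 16 + caplen
    return snaplen, records

if __name__ == "__main__":
    for s in (68, 65535):
        print(s, audit_pcap(build_pcap([FRAME], s)))
```

A record whose captured length is smaller than its original length was cut by the snapshot length, so any header missing from it cannot be attributed to a device stripping it.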