My tcpdump Idiom

September 22nd, 2013 by rlaager

This is how I like to run tcpdump these days:
sudo tcpdump -U -s 0 -w - port 80 | tee DESCRIPTION-$(date +%s).pcap | tcpdump -lvvnr -

This dumps out a .pcap file I can open in Wireshark later, but also shows the tcpdump human-readable representation in real-time.

Posted in Computers, Open Source | No Comments »