asked 04 Jan '13, 11:39 dalawh edited 04 Jan '13, 11:49
One Answer:
If by pcaps you mean files in pcap format containing previously captured network traffic, then:
answered 04 Jan '13, 12:23 SYN-bit ♦♦
Since part one uses the GUI and part two uses a command prompt, is there a way I can do it all under one?
tcpdump is a different program with a different kind of output. However, wireshark is more detailed and powerful in its dissection, so yes, I would say you can do both with wireshark.
How would you tcpdump with Wireshark? You only gave me the command line version or was that command line meant to be used inside the GUI?
What do you mean with "how would you tcpdump", tcpdump is a program. Please have a look at the user's guide of wireshark.
I was trying to tcp dump without the command. Guess you can't. Thanks for the help. I will try these out and see what happens.
If you mean you want to capture packets from the GUI, yes you can, go to "Capture -> Options"
Does tcpdump not come with Wireshark? If it doesn't, where can I get it? When I use the command, it says it was not recognized.
tcpdump is part of most Unix-like systems (you might have to install it though). It is not part of Windows. What is your OS?
@Kurt I am using Windows 7. Is there any way to do it with Win7?
if you really need/want tcpdump, there are two options:
BTW: Why do you want to use tcpdump if you can use the much better tshark (part of Wireshark)?
Isn't tshark just Wireshark, but used with command prompt? I couldn't tcpdump with Wireshark, so I didn't think I could with tshark.
well, yes and no. tshark shares most of the functionality with wireshark, but not all. And yes: tshark is the CLI tool, while Wireshark is the GUI tool.
By "I couldn't **tcpdump**" you mean capturing traffic (which is the right term for 'dumping' network packets to disk), right? If so, what problems did you have? Again, what do you mean with "tcpdump" as an action? If you mean "capture network traffic and save it to disk", then both wireshark and tshark can do that for you...
If you mean something else with "tcpdump", please enlighten us...
So tcpdump and Wireshark are both programs that do the same thing (packet analyzer), but Wireshark is more powerful?
Is tcpdump a phrase for capturing packets? Based on the name, I assumed it would only capture TCP related packets. I am all new to this stuff.
Some people use "tcpdump" as a verb, just like some people use "xerox" as a verb when they mean they want to make a photocopy. But both terms are not verbs in principle :-)
tcpdump is a program that, just like wireshark and tshark, captures packets and displays them on the screen with a little interpretation for the viewer to make life easier for them.
It is also possible to save packets in a (binary) file for later analysis. This is true for both tcpdump and wireshark (and also for tshark).
Is there any part of tcpdump that is better than Wireshark or is Wireshark far superior?
It's like comparing apples with pears, I do want to eat both, but I eat more apples :-)
I use wireshark and tshark the most, but I use tcpdump on the following occasions:
wireshark/tshark is far superior in terms of functionality and ability to dissect protocols. tcpdump 'usually' needs less system resources (esp. RAM) while capturing traffic.