tcpdump

capture entire packet

tcpdump -nnvvXSs 1514 -i eth0
  • nn : don't convert host names or port names (print them numerically)
  • vv : verbosity level
  • X : show each packet's contents in both hex and ASCII
  • S : print absolute sequence numbers
  • s : set snaplen, the number of bytes captured per packet (in this case 1514)

read entire packet

tcpdump -qns 0 -A -r <filename>
  • q : quiet
  • n : don't convert host names
  • s : set snaplen (0 means capture whole packets)
  • A : print each packet in ASCII
  • r : read from file