Tcpshow
Jump to navigation
Jump to search
DRAFT
This page is still a draft. Thank you for your understanding.
Description
Tcpshow decodes a tcpdump file, giving a verbose display of the headers and an ASCII display of ICMP, UDP and TCP data.
Installation
$ sudo apt-get install alien $ cd ~/src/ $ wget http://apt.sw.be/redhat/el6/en/i386/rpmforge/RPMS/tcpshow-1.0-1.el6.rf.i686.rpm $ alien tcpshow-1.0-1.el6.rf.i686.rpm $ sudo dpkg -i tcpshow_1.0-2_i386.deb
Usage
Syntax
$ tcpshow [ options ... ] [ expr ]
where:
- expr is a tcpdump expression, and is only valid when the -cooked option is not used.
- Input is from stdin, which must be a raw tcpdump data file (savefile), unless the -cooked option is used, in which case stdin must be in the format produced by tcpdump -lenx.
- Output is to stdout
- tcpdump must be on your PATH unless -cooked is used.
Options
- -b
- break long lines so they don't wrap
- -sb
- show breaks (show where we broke a line)
- -w width
- set pagewidth to "width" columns (used by -b)
- -nolink
- don't decode link header (Ethernet header)
- -noip
- don't decode IP header
- -nodata
- don't show data (show headers only)
- -data
- display data only; minimal header decode
- -track
- track sequence numbers (show next-expected ACK)
- -terse
- show header decode in compact format
- -cooked
- don't run tcpdump to pre-process the input
- -pp
- point-to-point link (no Ethernet header available)
- -s
- display hex dump of spurious data at packet-end
- -h
- display this help summary
Example
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.