One excellent thing about Wireshark is that it can read a Linux tcpdump and do it's GUI magic with it (on Windows). Formatting a 'tcpdump -w foo.pcap -i eth0' using 'tcpdump -r foo.pcap' becomes redundant. You simply move that foo.pcap file to Windows and Wireshark does it's magic with it.JustThisGuy wrote:If you just want to capture the network packets 'tcpdump' is the tool.
If you want some help with capture and analysis and a display gui then use 'wireshark'.
Users browsing this forum: No registered users and 9 guests