tcpdump -r option

["Latha G" <lathajee () gmail com>]

Hi all,

Thanks for your support till now.
I want to clarify few things about the tcpdump -r option
I just used tcpdump -w dump.pcap
The -r option is used just to read back what we stored using -w option or
can we use the dump.pcap file as network and we can apply all options &
filters
  i mean like tcpdump -n -c 1 -r dump.pcap (or)  tcpdump -A -r dump.pcap
can i apply any filter expression and options on this file...
is it ok...
since i didn't use any option or filter while capturing it through -w
option..
is the output what i get from tcpdump -n -c 1 -r dump.pcap looks same as
tcpdump -n -c 1 or any difference is there?
Means what i want to clarify is , Is the behaviour of tcpdump when applied
with -r option is same as when it applied on the network directly..

And one more is, the captured file dump.pcap can i take to any other system
and then apply tcpdump , and can i expect the output  should be same as that
of on my system....

Thanks in advance..

--
Regards,
Latha.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.