tcpdump mailing list archives
Re: the bug of use for 'more' for the file created with tcpdump
From: Guy Harris <guy () alum mit edu>
Date: Thu, 4 Aug 2011 13:59:00 -0700
On Aug 4, 2011, at 2:11 AM, . 嫒〆j々 wrote:
First I use tcpdump to wirite the information to a file . like this,'tcpdump host 192.168.1.198 -w a.txt'.
"a.txt" is a bad name for the file, because it's *not* a text file!
Arter about three seconds,I press the 'CTRL+C". Second, I use the "more" to view the information about a.txt . But After I press the 'CTRL+C". The word int command window is like " [������├@┌������┌������├ ·]# " .
Yes, it's a binary file, so you're not going to get anything very readable if you use "more" on it. The bug is that you're using the wrong command to read the file, not that there's something wrong with tcpdump or more. The file format was designed to be quickly writable and readable by programs, not easily readable by humans. There are many programs that can read those files. One of them is named "tcpdump". :-) tcpdump -r a.txt I'd call it "a.pcap" in the future; ".pcap" is the closest thing to a standard suffix for those files.- This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- the bug of use for 'more' for the file created with tcpdump . 嫒〆j々 (Aug 04)
- Re: the bug of use for 'more' for the file created with tcpdump Guy Harris (Aug 04)