Wireshark mailing list archives

file format question

From: János Löbb <janos.lobb () yale edu>
Date: Mon, 22 Aug 2011 16:08:56 -0400

Hi,

I do this on an Ubuntu 10.04 server:

root@doppio:~# tcpdump -c1000 net xxx.yy.zz.0/24 > /tmp/tcpdump.pcap
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
1000 packets captured
1058 packets received by filter

Then I copy it down to my Mac where I have wireshark installed. Version 1.3.4 (SVN Rev 32340 from /trunk)

In the finder the file gets the right icon.  When I double click it, Wireshark is thinking for a few seconds, than puts 
this message up:

The file "/Volumes/Home/janos/tcpdump.pcap" isn't a capture file in a format Wireshark understands.

So the question is how should I do the tcpdump on Ubuntu to be able to open it in Wireshark on my Mac ?

Thanks ahead,

János


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

file format question János Löbb (Aug 22)
- Re: file format question Bill Meier (Aug 22)
- Re: file format question Guy Harris (Aug 22)
  - Re: file format question Stephen Fisher (Aug 22)
- Re: file format question Michael Tuexen (Aug 22)