On Sep 5, 9:34*am, RicK_Murphy

wrote:
> hy guys
>
> is there a way for capture traffic in my eth0 and savi it in a file?
>
> the traffic must with header and payload
>
> thank a lot
>
> scuse me for my bad english

Use 'tcpdump'.

DS

David Schwartz alle Friday 05 September 2008 18:49 ha scritto:

>
> Use 'tcpdump'.

I have tryed it with command:

tcpdumd -i eth0 -n -w ./file

but file contains character not readable

can i read it with java and extract the payload with ip sender and ip
receiver?

thanks

--
Riccardo (http://termitano.myminicity.com, visitate e se volete partecipate
sul http://www.iltermitano.it/)

A computer is like an air conditioner,
it stops working when you open Windows.
Registered Linux user #457776

RicK_Murphy

writes:

> David Schwartz alle Friday 05 September 2008 18:49 ha scritto:
>
>>
>> Use 'tcpdump'.
>
> I have tryed it with command:
>
> tcpdumd -i eth0 -n -w ./file
>
> but file contains character not readable
>
> can i read it with java and extract the payload with ip sender and ip
> receiver?
>
> thanks

You can read it with tcpdump -r ./file.

Daniel

--
Daniel Horecki
http://morr.pl http://linux.pl http://netbsd.pl
HAIL ERIS!

On Sep 5, 9:56*am, RicK_Murphy
> I have tryed it with command:
>
> tcpdumd -i eth0 -n -w ./file
>
> but file contains character not readable

How did you try to read it?

> can i read it with java and extract the payload with ip sender and ip
> receiver?

Certainly. The libpcap file format is well-documented. See the link
below:
http://wiki.wireshark.org/Development/LibpcapFileFormat

DS

RicK_Murphy wrote:
> David Schwartz alle Friday 05 September 2008 18:49 ha scritto:
>
>> Use 'tcpdump'.
>
> I have tryed it with command:
>
> tcpdumd -i eth0 -n -w ./file
>
> but file contains character not readable
>
> can i read it with java and extract the payload with ip sender and ip
> receiver?

You should increase the packet capture size with -s if you want more
than the headers.

You can read the resultant file with tcpdump or wireshark.

There might be something in Java that can read pcap file formats, or you
can probably write one, or you can just use tcpdump or wireshark.

Allen Kistler alle Friday 05 September 2008 21:23 ha scritto:



> There might be something in Java that can read pcap file formats, or you
> can probably write one, or you can just use tcpdump or wireshark.

thanks

I find it: jpcap
for java

thanks a lot


--
Riccardo (http://termitano.myminicity.com, visitate e se volete partecipate
sul http://www.iltermitano.it/)

A computer is like an air conditioner,
it stops working when you open Windows.
Registered Linux user #457776

Allen Kistler writes:

> You should increase the packet capture size with -s if you want more
> than the headers.


if you want everything, use -s0
(zero defaults to the max)