8

I am capturing network traffic using tcpdump. The problem is that I can't see all of the captured data when the packet is too long. For example, when the TCP frame length is more than 500, I see only 100-200 or less. How do I display all the frame data (500+)?

I have tried adding the -vv and -vvv parameters. This is my current command:

    tcpdump -i eth1 tcp and host 10.27.13.14 and port 6973 -vv -X -c 1000
peterh
Dolphin

1 Answer

19

Add the -s0 parameter:

    tcpdump -i eth1 tcp and host 10.27.13.14 and port 6973 -s0 -vv -X -c 1000
Dolphin
    `-s snaplen` `--snapshot-length=snaplen` Setting snaplen to 0 sets it to the default of 262144, for backwards compatibility with recent older versions of tcpdump. – Julien Apr 02 '19 at 08:44