read data from tcp packets #tcpdump


I was in a scenario where I had to read the contents of the TCP packets being sent on a particular port. Kamesh, my friend, came to my rescue and taught me the command below.

tcpdump -i eth0 -XX -s0 "port 3690" -w /tmp/kk


This command reads the packets sent through port 3690, parses them and prints the data of each packet, which is redirected to the file /tmp/kk.
But sometime down the line, I came to know that -s0 in the above command sets snaplen, the bytes of data captured from each packet, to the default of 65535 bytes.



tcpdump -i eth0 -XX "port 3690" -w /tmp/kk

would really do the job for us 🙂

Now I was able to read the data such as the arguments passed from one function to another over the network through that port.
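
As an added example (not part of the original post): the file that -w writes is in pcap format, so the payload of each packet can be pulled out with a small parser, and a packet saved with a short snaplen yields only the bytes that were kept. The Python code below assumes a classic pcap file with Ethernet frames carrying unfragmented IPv4; the function names and the sample capture are constructed for illustration.

```python
import struct

def tcp_payloads(pcap: bytes, port: int = 3690):
    """Yield (src_port, dst_port, payload) for IPv4/TCP packets on `port`."""
    # The magic number gives the byte order of the pcap headers.
    e = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if e is None or struct.unpack(e + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet frames")
    off = 24                                  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(e + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                          # not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len = struct.unpack(">H", ip[2:4])[0]
        tcp = ip[ihl:total_len]               # also drops Ethernet padding
        if ip[9] != 6 or len(tcp) < 20:
            continue                          # not TCP, or header cut short
        sport, dport = struct.unpack(">HH", tcp[:4])
        data = tcp[(tcp[12] >> 4) * 4:]       # skip TCP header and options
        if port in (sport, dport) and data:
            yield sport, dport, data

def sample_pcap(payload: bytes, caplen=None) -> bytes:
    """Constructed capture: one TCP segment from port 50000 to port 3690."""
    tcp = struct.pack(">HHIIBBHHH", 50000, 3690, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    frame = bytes(12) + b"\x08\x00" + ip + tcp + payload
    saved = frame[:caplen]                    # caplen imitates a short snaplen
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + struct.pack("<IIII", 0, 0, len(saved), len(frame)) + saved

if __name__ == "__main__":
    for sport, dport, data in tcp_payloads(sample_pcap(b"arg1=42;arg2=hello")):
        print(f"{sport} -> {dport}: {data!r}")
```

To run it on a real capture, pass the bytes of the file, for example tcp_payloads(open("/tmp/kk", "rb").read()).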


See man tcpdump for more info…

