I was in a scenario where I had to read the contents of the TCP packets being sent on a particular port. Kamesh, my friend, came to my rescue and taught me the command below.
tcpdump -i eth0 -XX -s0 "port 3690" -w /tmp/kk
This command reads the packets sent through port 3690, parses them and prints the data of each packet, which is redirected to the file /tmp/kk.
But some time down the line, I came to know that -s0 in the above command sets the snaplen (the number of bytes captured from each packet) to the default of 65535 bytes.
tcpdump -i eth0 -XX "port 3690" -w /tmp/kk
would really do the job for us 🙂
Now I was able to read the data, such as the arguments passed from one function to another over the network through that port.
See man tcpdump for more info…
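One thing worth knowing when you use -w: the file tcpdump writes is a binary pcap capture, not the -XX hex dump, so to see the hex/ASCII view you read it back with `tcpdump -r /tmp/kk -XX`. The other thing to check before trusting a capture is the snaplen: older tcpdump releases defaulted to a small snaplen (68 bytes), which is where the -s0 habit comes from, and a capture taken with a short snaplen silently loses the application payload you were after. The script below is an added example, not part of the original post: it constructs a small pcap in memory (the packets, addresses and payloads are made up), pulls out the TCP payloads to and from port 3690 the way `-r` would let you inspect them, and flags any packet whose stored length is shorter than its original length, which is exactly the symptom of a too-small snaplen. The function names and the 68/65535 snaplen values used in the demo are my own choices.

```python
import struct

PORT = 3690  # the port from the post (svnserve's default)


def build_tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame (checksums left zero; this parser never checks them)."""
    eth = bytes(6) + bytes(6) + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)  # 20-byte header, PSH+ACK
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     1, 0x4000, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp + payload


def build_pcap(frames, snaplen):
    """Constructed pcap file image, laid out as `tcpdump -w` stores it for the given snaplen:
    each frame is stored cut to snaplen bytes, while orig_len keeps the true wire length."""
    out = bytearray(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1))  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        stored = frame[:snaplen]
        out += struct.pack("<IIII", 1700000000 + i, 0, len(stored), len(frame))  # ts_sec, ts_usec, caplen, origlen
        out += stored
    return bytes(out)


def read_pcap(data):
    """Parse a classic pcap image; returns (snaplen, [(caplen, origlen, frame), ...])."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic in (0xA1B2C3D4, 0xA1B23C4D):      # little-endian (usec / nsec timestamps)
        e = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):    # big-endian writer
        e = ">"
    else:
        raise ValueError("not a pcap file (tcpdump -w writes pcap, not a text dump)")
    _, _, _, _, _, snaplen, linktype = struct.unpack_from(e + "IHHiIII", data, 0)
    if linktype != 1:
        raise ValueError("this example only handles Ethernet captures (LINKTYPE 1)")
    records, off = [], 24
    while off + 16 <= len(data):
        _, _, caplen, origlen = struct.unpack_from(e + "IIII", data, off)
        off += 16
        records.append((caplen, origlen, data[off:off + caplen]))
        off += caplen
    return snaplen, records


def tcp_payloads(data, port):
    """TCP payloads sent to or from `port`, each with a flag saying whether the packet was truncated."""
    _, records = read_pcap(data)
    found = []
    for caplen, origlen, frame in records:
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                   # not IPv4, or too short to hold IP header
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6:
            continue                                   # not TCP
        tcp = 14 + ihl
        if len(frame) < tcp + 20:
            continue                                   # snaplen cut the TCP header itself
        sport, dport = struct.unpack_from("!HH", frame, tcp)
        if port not in (sport, dport):
            continue
        doff = (frame[tcp + 12] >> 4) * 4
        found.append({
            "src": ".".join(map(str, frame[26:30])),
            "dst": ".".join(map(str, frame[30:34])),
            "sport": sport, "dport": dport,
            "payload": frame[tcp + doff:],
            "truncated": caplen < origlen,             # stored bytes < wire bytes: snaplen was too small
        })
    return found


def demo(snaplen):
    """Capture three constructed packets at the given snaplen and extract the port-3690 data."""
    frames = [
        build_tcp_frame("10.0.0.1", "10.0.0.2", 40000, PORT, b"( hello from client )"),
        build_tcp_frame("10.0.0.2", "10.0.0.1", PORT, 40000, b"( reply from server )"),
        build_tcp_frame("10.0.0.1", "10.0.0.3", 40001, 80, b"GET / HTTP/1.0\r\n\r\n"),  # filtered out
    ]
    return tcp_payloads(build_pcap(frames, snaplen), PORT)


if __name__ == "__main__":
    print("full snaplen:")
    for pkt in demo(65535):
        print(f'  {pkt["src"]}:{pkt["sport"]} -> {pkt["dst"]}:{pkt["dport"]} {pkt["payload"]!r}')
    print("68-byte snaplen (old default): payloads cut off")
    for pkt in demo(68):
        print(f'  {pkt["sport"]} -> {pkt["dport"]} {pkt["payload"]!r} truncated={pkt["truncated"]}')
```

Running the script shows the two port-3690 payloads intact at a full snaplen and cut to 14 bytes each at a 68-byte snaplen, with `truncated` set. The same `caplen < origlen` comparison is a cheap sanity check to run over any capture file before concluding that "the data wasn't there".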