Problem using bridge...

**sicarie** · Mar 11 '09, 06:50 PM

tcpdump is awesome because you can see everything - even if it's not processed by the interface. I use it all the time in testing my device configurations, because sometimes I will not see an established TCP connection, but I will be able to see stuff coming and being dropped by my box (indicating I did not configure it correctly).

I'm not familiar with tshark - are you looking to establish a connection, or just use 'tshark' to get something?

If you can see the info with tcpdump, you can always use that to capture packets...

**ashitpro** · Mar 12 '09, 06:42 AM

I am actualy trying to capture RTP packets...
I can get those on bridge with tcpdump but not with tshark/wireshark

**sicarie** · Mar 13 '09, 03:04 PM

Well, you could do a number of things - I'm not familiar with tshark (though I'm more familiar with the Windows version of Wireshark), so I'm sorry I can't help you on that, but you could always pipe tcpdump to a file and filter out RTP, or create a sniffer box out of an old piece of hardware with a program that you are sure will be able to capture the RTP packets.

I'll try to play around with tshark today, but I'm not sure I'll have time - hope one of the other options helps in the meantime.

**sicarie** · Mar 13 '09, 03:07 PM

Just out of curiosity - can you post the tshark command and options you have tried?

**ashitpro** · Mar 16 '09, 07:49 AM

Originally posted by sicarie

Just out of curiosity - can you post the tshark command and options you have tried?

tshark work similarly as tcpdump...
It has some advantages like you can specify filters ti capture the packets..
For example, If we want to capture the udp packets on port 5060 and put the result in some file..we can specify following command

tshark -f "udp port 5060" -i <interface> -w <file name>

Most of the time you'll get the packets trimmed..that it capture size is limited by default..so you can specify -XX and -s options for extensions and size resp..

If you've used the wireshark and its filter you would rather feel the power of tshark in terms of filter..
Again, writing filters is skill...I mostly used simple filters like I've written above..

**ashitpro** · Mar 16 '09, 07:52 AM

Originally posted by sicarie

(though I'm more familiar with the Windows version of Wireshark)

Well, linux version does provides the similar functionality with same UI..
Many time we got to work on remote servers...So this GUI part doesn't help much..that's why I love tshark...

**sicarie** · Mar 21 '09, 02:48 AM

Yeah, and that's why I'm more versed with tcpdump - it's standard in the distros I'm used to using.

I haven't had time to install tshark - they had me running on-call this last week putting out fires. I'll try to get to it this week. Sorry!

Problem using bridge...

Problem using bridge...

Comment

Comment

Comment

Comment

Comment

Comment

Comment