Packet captures are unable to be saved to /home/admin/transfers on the SEDR appliance


Article ID: 175653


Updated On:


Endpoint Detection and Response


When using the 'tcpdump' command, you may try to save the capture file to the /home/admin/transfers folder to be downloaded through the SEDR appliance web interface.


The 'tcpdump' command was previously locked down to only the /home/admin folder.


Starting with SEDR 4.2, you can save packet captures to the /home/admin/transfers folder. Once the capture is saved, you can download the file from the File Transfer option at the bottom of the Global Settings page.

Note: This only works on the Manager or All in One role. If you are performing a packet capture on a Scanner only role, you will need to use SCP to copy the file to a local computer with the 'getpcap' command.