How to Capture a Tcpdump for Linux
Article ID: 292354
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR
Issue/Introduction
Command to run on Linux to capture packets to a file that can be opened in Wireshark for analysis.
Environment
- Carbon Black Cloud Sensor: All Versions
- Linux: All Supported Versions
Resolution
Run:
tcpdump -i any -s 64000 -w tcpdump.pcap
Additional Information
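-w writes the raw packets to the named file (tcpdump.pcap) instead of printing them to the terminal; the resulting capture file can be opened in Wireshark.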
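Added example (not part of the original article or of any Carbon Black tooling): a Python check that reads the capture file's headers to confirm it is a valid pcap, that the snapshot length matches -s 64000, and that no packets were cut short or lost to an interrupted write. It assumes the classic pcap layout written by tcpdump -w and that -i any is recorded as a cooked link type (LINUX_SLL or LINUX_SLL2, depending on the libpcap version); the function names and sample bytes are constructed for illustration.

```python
import struct

# Byte-order markers of the classic pcap format that tcpdump -w writes.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",   # little-endian (usec, nsec)
    b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">",   # big-endian (usec, nsec)
}
LINKTYPES = {1: "EN10MB", 113: "LINUX_SLL", 276: "LINUX_SLL2"}

def inspect_pcap(data: bytes) -> dict:
    """Summarise a pcap byte string: snaplen, link type, packet counts."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (bad magic or short header)")
    end = MAGICS[data[:4]]
    major, minor, _tz, _sig, snaplen, link = struct.unpack(end + "HHiIII", data[4:24])
    info = {"version": (major, minor), "snaplen": snaplen,
            "linktype": LINKTYPES.get(link, str(link)),
            "packets": 0, "cut_by_snaplen": 0, "incomplete_tail": False}
    off = 24
    while off < len(data):
        if off + 16 > len(data):              # record header itself is cut off
            info["incomplete_tail"] = True
            break
        _sec, _frac, incl, orig = struct.unpack(end + "IIII", data[off:off + 16])
        if off + 16 + incl > len(data):       # packet bytes missing at end of file
            info["incomplete_tail"] = True
            break
        info["packets"] += 1
        if incl < orig:                       # packet was longer than the snaplen
            info["cut_by_snaplen"] += 1
        off += 16 + incl
    return info

def sample_capture() -> bytes:
    """Constructed input: header as from -i any -s 64000, plus two records."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64000, 113)
    full = struct.pack("<IIII", 1700000000, 0, 20, 20) + bytes(20)
    cut = struct.pack("<IIII", 1700000001, 0, 20, 70000) + bytes(20)
    return hdr + full + cut

if __name__ == "__main__":
    import sys
    # Pass the path to tcpdump.pcap; with no argument the constructed sample is used.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_capture()
    print(inspect_pcap(raw))
```

A non-zero cut_by_snaplen means some packets exceeded the snapshot length, and incomplete_tail set to True means the file ends mid-record, typically because the capture or a file copy was interrupted.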