Jump to content

TCP DUMP - Must remain on module page to capture!!

Recommended Posts

This is extremely frustrating.  I just received my Mark VII and this thing is really disappointing.  I used the Tetra for a few years and it has worked great to capture pcaps for analysis.  I test IOT devices and captures have helped me solve many issues in the past.  

WHHYY must I remain in the module page for the capture to continue.  With the Tetra I would start a capture log, log out of the pineapple, allow it to log for hour+, log back in and download my PCAP.  This thing sucks, I literally have to have the tab open on the screen for data to be captured.  The Tetra has worked great for me and deft a lot more stable then this Mark VII.   

Am I doing something wrong???????



Link to comment
Share on other sites

Well, I played with this today and had an idea to run tcpdump from a shell but no luck.  I can start a capture from  a shell using #tcpdump -i br-lan > filename.pcap  but when attempting to open the pcap the file is unreadable in Wireshark.  I thought I had found my work around but disappointment strikes again.    


Link to comment
Share on other sites

I guess you're getting an error message like this when you try to open the file you created using the command line you pasted in the post above.

The file "xxxxxxxx.pcap" isn't a capture file in a format Wireshark understands.

That's just because you capture in the wrong way. Try something like this instead.

tcpdump -i br-lan -s 0 -w /tmp/dump_$(date +%Y-%m-%d-%H%M%S).pcap


Link to comment
Share on other sites

  • 2 weeks later...


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...