Capture with tcpdump and read in Wireshark on another computer

To capture a tcpdump that’s readable from wireshark do the following:

tcpdump -i <interface> -s 65535 -w <some-file>.cap

Where <interface> is coming from an ifconfig, and <some-file>.cap is your capture file name, i.e. tcpdump_09242012.cap.

Then just transfer to a computer with wireshark. *.cap should already be a filetype assigned to wireshark so you can just double click it.

I’ve¬†successfully¬†done this tcpdump on a RHEL5 system.