Tcpdump

From SchnallIchNet

tcpdump

some tcpdump options...


write capture to file

Use '-w FILE' to write captured packets to a file.
To capture full packets (e.g. for reassembling a stream), add -s0,
which prevents the packet size from being capped.

tcpdump [...] -w /path/2/file [-s0]
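
An added example (not part of the original page): before feeding a capture to a reassembly tool, check whether it was written with a capped packet size. The script reads the classic pcap format and lists records whose captured length is shorter than the length on the wire. The helper build_sample and its values (snaplen 68, the packet sizes) are constructed for illustration.

```python
import struct

# Magic bytes as stored on disk -> struct byte-order prefix
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def truncation_report(data):
    """Return (snaplen, record_count, [(index, captured_len, wire_len), ...])."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    endian = PCAP_MAGICS[data[:4]]
    # Global header: magic, version (2x u16), thiszone, sigfigs, snaplen, linktype
    snaplen = struct.unpack(endian + "I", data[16:20])[0]
    offset, index, truncated = 24, 0, []
    while offset + 16 <= len(data):
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if incl_len < orig_len:  # payload bytes are missing from this record
            truncated.append((index, incl_len, orig_len))
        offset += 16 + incl_len
        index += 1
    if offset != len(data):
        raise ValueError("file ends in the middle of a record")
    return snaplen, index, truncated

def build_sample(snaplen, packet_sizes):
    """Constructed sample: little-endian pcap bytes with records cut at snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for n, size in enumerate(packet_sizes):
        caplen = min(size, snaplen)
        out += struct.pack("<IIII", n, 0, caplen, size) + bytes(caplen)
    return out

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:
        data = build_sample(68, [60, 1514, 66])  # constructed input
    snaplen, total, cut = truncation_report(data)
    print(f"snaplen={snaplen} records={total} truncated={len(cut)}")
    for idx, got, wire in cut:
        print(f"  record {idx}: captured {got} of {wire} bytes")
```

Run it with the file written by -w as the only argument; any truncated record means the stream payload cannot be fully reassembled from that capture.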


capture IPv6 only

tcpdump [options] ip6 [and not port 22 [and ...]]


Packet Reassembly

I'm testing with:

  1. tcpxtract
  2. tcpreplay (& Co.)
  3. xtract.py
  4. xplico
  5. chaosreader
  6. nftracker