can tcpdump capture more than packet headers?

Hi Guys,
No excuses for ignorance but I have been playing with tcpdump to
capture application data passing between two computers (no switch). All
that seems to be displayed is packet header information. The
client(-server) application is communicating using the netbios-ssn
(netbeui) protocol. I have tried increasing the packet size (using -s)
still no joy. Can I capture data from the 'higher' layers(above network
layer on osi model)?
Thanks,
Eddie

eddie wrote:
> No excuses for ignorance but I have been playing with tcpdump to
> capture application data passing between two computers (no switch). All
> that seems to be displayed is packet header information. The
> client(-server) application is communicating using the netbios-ssn
> (netbeui) protocol. I have tried increasing the packet size (using -s)
> still no joy. Can I capture data from the 'higher' layers(above network
> layer on osi model)?

tcpdump can capture it all.
I'm uncertain how much tcpdump can dissect of NetBEUI, though.
Use -v, -vv, or -vvv to display additional info.
You may need to write to a file, then analyze with WireShark (or just
capture with WireShark).

Allen Kistler wrote:
> eddie wrote:
>
>>No excuses for ignorance but I have been playing with tcpdump to
>>capture application data passing between two computers (no switch). All
>>that seems to be displayed is packet header information. The
>>client(-server) application is communicating using the netbios-ssn
>>(netbeui) protocol. I have tried increasing the packet size (using -s)
>>still no joy. Can I capture data from the 'higher' layers(above network
>>layer on osi model)?
>
>
> tcpdump can capture it all.
> I'm uncertain how much tcpdump can dissect of NetBEUI, though.
> Use -v, -vv, or -vvv to display additional info.
> You may need to write to a file, then analyze with WireShark (or just
> capture with WireShark).

try -X or -XX with -s<length> to specify the largest pkt size you expect.
See "man tcpdump".

C

thanks guys - the -X option looks good - gave it a quick go before but
still seemed to be just packet headers. Will give it a good test this
evening.
Chris Lowth wrote:
> Allen Kistler wrote:
> > eddie wrote:
> >
> >>No excuses for ignorance but I have been playing with tcpdump to
> >>capture application data passing between two computers (no switch). All
> >>that seems to be displayed is packet header information. The
> >>client(-server) application is communicating using the netbios-ssn
> >>(netbeui) protocol. I have tried increasing the packet size (using -s)
> >>still no joy. Can I capture data from the 'higher' layers(above network
> >>layer on osi model)?
> >
> >
> > tcpdump can capture it all.
> > I'm uncertain how much tcpdump can dissect of NetBEUI, though.
> > Use -v, -vv, or -vvv to display additional info.
> > You may need to write to a file, then analyze with WireShark (or just
> > capture with WireShark).
>
> try -X or -XX with -s<length> to specify the largest pkt size you expect.
> See "man tcpdump".
>
> C