tcpdump, where are the capture logs stored?

So I would need to provide a path then, ok makes sense.   But what if I just put tcpdump -w capture.log?  Where would that be located?

Just tried a test, tcpdump -i eth1 host xxx.xxx.xxx.xxx -w /tmp/capture.log

But when I go to that directory, no capture.log    ?

And are you getting any traffic to host xxx.xxx.xxx.xxx

try without the filter.

The file is created ok using
tcpdump -i eth0 /tmp/log.log

and reading the file afterwards with
tcpdump -r /tmp/log.log
also works

Yes, I was getting traffic to the host.  Using "tcpdump -i eth1 /tmp/capture.log" without the -w switch yields a syntax error.  I did know about reading the file using the -r switch, but if I wanted to output for later, I can't seem to find it.

There should be a -w my typo
And you are sure that the traffic is going through eth0 as you are getting the log on console when not sending it to the file?

Well it's eth1, but yes, I can see the traffic.  If I were to leave out the -w capturefile part, all the captured packets stream by on the screen.

And there is plenty of diskspace on the machine?

Absolutely, almost 70 G free.   Here is some additional information if helpful.  I am using Putty through WinSCP, and sshing into a ClarkConnect box.  Using WinSCP to move around the directory structure.  Doing this does not reveal the capture log (as of yet).

Sorry out of ideas for now

Anyone else?

Actually the tcpdump file is located in the work directory, it mean if the file located in /root directory cause the tcpdump then the dump file will be located there

I looked in the root directory, and could not find the file though.

As I mentioned, I was using WinSCP3 to do all this.  The issue was that I needed to refresh the view to see the capture.  If I was simply using putty and an "ls" command the file would show up there, but not in WinSCP3, until I did a refresh.  Thanks for the help.