Date: Mon, 11 Nov 2002 21:17:55 -0800
From: Erick Mechler <emechler@techometer.net>
To: Duncan Patton a Campbell is Dhu <freebsd@babayaga.neotext.ca>
Cc: security <security@FreeBSD.ORG>
Subject: Re: tcpdump question
Message-ID: <20021112051755.GS96637@techometer.net>
In-Reply-To: <20021112042109.M47365@babayaga.neotext.ca>
References: <20021109231151.GF33758@roughtrade.net> <Pine.GSO.4.44.0211111114070.27378-100000@mail.ilrt.bris.ac.uk> <20021112042109.M47365@babayaga.neotext.ca>

:: I execute tcpdump as follows:
::
:: wta# tcpdump
:: tcpdump: listening on rl0
:: 20:15:38.334292 wta.indx.ca > babayaga.neotext.ca:
:: ESP(spi=0x000012f5,seq=0x5aa5) (DF) [tos 0x10]
:: ^C
:: 20:15:38.348979
:: 583 packets received by filter
:: 0 packets dropped by kernel
:: So, ummh, where are all the other packets?

Try running tcpdump with the -l ('el') flag and piping to `tee` as
documented in the manpage. The -n flag will also speed up tcpdump's work.
You should get what you expect using those two flags together.

Cheers - Erick

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message