From owner-freebsd-questions@FreeBSD.ORG Fri Jul 25 12:17:04 2008
Date: Fri, 25 Jul 2008 08:16:16 -0400
From: "Bob McConnell"
Subject: RE: [OT ? ] getting stats out of network capture
In-Reply-To: <20080725123722.3f2263d0@ayiin>

On Behalf Of Norberto Meijome
>On Thu, 24 Jul 2008 17:42:04 -0700
>Chuck Swiger wrote:
>
>> Try something like this on the webserver or client machine:
>>
>> # tcpdump -ttt -q -n -A tcp port 80
>
> Excellent, thanks Chuck.
> I haven't got access to the server, and the client has to
> run on a win32 ... so I'll figure out how to tcpdump on w32
> or howto in wireshark gui.

On MS-Windows, the easiest option is to download and install Wireshark
1.0, which will also install Winpcap. It gives you the option of
installing Winpcap as a system service, which enables it for all users,
even the non-admin types.

When you use it, if possible, always tie it to the NIC, not the NDIS
layer. A lot of traffic is sidetracked before it gets to NDIS. In some
cases where the NIC is not supported, we have found that the only
traffic Wireshark can capture is what is left after every other process
has received theirs.

Bob McConnell
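
For the statistics the thread's subject asks about, the text output of the tcpdump command quoted above can be summarised per connection. This is an added example, not part of the original message or thread: the sample lines are constructed, `flow_stats` is a hypothetical helper name, and the `hh:mm:ss.micro` delta format for `-ttt` is an assumption about the tcpdump build in use.

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread) of `tcpdump -ttt -q -n -A tcp port 80`
# output. Assumption: -ttt prints the delta since the previous packet as
# hh:mm:ss.micro; older builds may print the delta differently.
SAMPLE = """\
00:00:00.000000 IP 192.0.2.10.51000 > 198.51.100.5.80: tcp 0
00:00:00.020000 IP 198.51.100.5.80 > 192.0.2.10.51000: tcp 0
00:00:00.001000 IP 192.0.2.10.51000 > 198.51.100.5.80: tcp 120
GET /index.html HTTP/1.1
00:00:00.100000 IP 192.0.2.11.40000 > 198.51.100.5.80: tcp 0
00:00:00.250000 IP 198.51.100.5.80 > 192.0.2.10.51000: tcp 1448
00:00:00.000200 IP 198.51.100.5.80 > 192.0.2.10.51000: tcp 600
"""

PACKET = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.(\d{6}) IP (\S+)\.(\d+) > (\S+)\.(\d+): tcp (\d+)$")

def flow_stats(text, server_port=80):
    """Return {(client, server): stats}: packet count, payload bytes in each
    direction, and the longest silence inside the connection (microseconds)."""
    flows = defaultdict(lambda: {"packets": 0, "to_server": 0,
                                 "from_server": 0, "max_gap_us": 0})
    last_seen = {}   # flow key -> capture clock of its previous packet
    clock = 0        # microseconds since the first packet, rebuilt from deltas
    for line in text.splitlines():
        m = PACKET.match(line)
        if not m:
            continue  # payload text printed by -A, or a non-IPv4 line
        h, mi, s, us, src, sport, dst, dport, size = m.groups()
        clock += ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1_000_000 + int(us)
        to_server = int(dport) == server_port
        a, b = f"{src}:{sport}", f"{dst}:{dport}"
        key = (a, b) if to_server else (b, a)
        f = flows[key]
        f["packets"] += 1
        f["to_server" if to_server else "from_server"] += int(size)
        # -ttt deltas are relative to the previous packet of ANY connection,
        # so per-connection gaps must come from the rebuilt clock.
        if key in last_seen:
            f["max_gap_us"] = max(f["max_gap_us"], clock - last_seen[key])
        last_seen[key] = clock
    return dict(flows)

if __name__ == "__main__":
    for (client, server), f in flow_stats(SAMPLE).items():
        print(client, "->", server, f)
```

In the sample, the printed delta before the 1448-byte response is 0.25 s, but the gap inside that connection is 0.35 s because a packet from a second client arrived in between.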