Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 28 Nov 2002 04:16:09 +0200
From:      Giorgos Keramidas <keramida@ceid.upatras.gr>
To:        Darren Pilgrim <dmp@pantherdragon.org>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: A program to list off packet target/source addrs as they pass?
Message-ID:  <20021128021609.GC31196@gothmog.gr>
In-Reply-To: <3DE5794D.80003@pantherdragon.org>
References:  <3DE5794D.80003@pantherdragon.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 2002-11-27 18:02, Darren Pilgrim <dmp@pantherdragon.org> wrote:
> I'm in need of a program that can show me just a list of packets as
> they pass through a given interface.  The only information I need
> are the transport protocol (TCP, UDP, etc) and the source and
> destination addresses and ports.
>
> I don't want to know any other information for various privacy/legal
> reasons, this is for debugging and tuning routers and firewalls.
> The idea is to run this on an interface to show what's actually
> passing through.

Use tcpdump.  It's in the base system too:

    gothmog# tcpdump -q -n -l -s 128 -c 10
    tcpdump: listening on tun0
    04:13:47.771703 212.205.244.148.50189 > 195.74.234.20.110: tcp 0 (DF)
    04:13:47.930432 195.74.234.20.110 > 212.205.244.148.50189: tcp 0 (DF)
    04:13:47.930510 212.205.244.148.50189 > 195.74.234.20.110: tcp 0 (DF)
    04:13:48.116406 195.74.234.20.110 > 212.205.244.148.50189: tcp 92 (DF)
    04:13:48.116548 212.205.244.148.50189 > 195.74.234.20.110: tcp 48 (DF)
    04:13:48.284387 195.74.234.20.110 > 212.205.244.148.50189: tcp 0 (DF)
    04:13:48.314383 195.74.234.20.110 > 212.205.244.148.50189: tcp 61 (DF)
    04:13:48.414321 212.205.244.148.50189 > 195.74.234.20.110: tcp 0 (DF)
    04:13:51.315990 212.205.244.148.50189 > 195.74.234.20.110: tcp 6 (DF)
    04:13:51.477971 195.74.234.20.110 > 212.205.244.148.50189: tcp 9 (DF)
    ^C
    26 packets received by filter
    0 packets dropped by kernel


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021128021609.GC31196>