Date: Thu, 6 Apr 2000 14:19:00 -0700
To: freebsd-questions@freebsd.org
From: Jon Rust
Subject: tcpdump | tcpshow, and buffering

I've been trying to use tcpdump and tcpshow to snoop my network on occasion. Mostly to watch what lusers are doing when they can't get into our mail server (wrong pass, username, etc). The command line is:

    tcpdump -enxs 1508 host blah.blah.com and port 110 | tcpshow -cooked

However, it seems there's quite a bit of buffering by tcpshow going on here. I get absolutely nothing displayed until the user has pushed (or pulled) a lot of traffic. Makes it tough to do things like just verify a POP session. Any better way to do it?

jon