Date: Thu, 6 Apr 2000 14:42:54 -0700 From: Jon Rust <jpr@vcnet.com> To: freebsd-questions@freebsd.org Subject: Re: tcpdump | tcpshow, and buffering Message-ID: <p043101edb512b4932ef7@[209.239.239.22]> In-Reply-To: <p043101ecb512aea2c91f@[209.239.239.22]> References: <p043101ecb512aea2c91f@[209.239.239.22]>
next in thread | previous in thread | raw e-mail | index | archive | help
The answer to my own question may be /usr/ports/ngrep which serves my needs perfectly. Sorry to waste list b/w. Maybe someone else will find it useful... jon At 2:19 PM -0700 4/6/00, Jon Rust wrote: >I've been trying to use tcpdump and tcpshow to snoop my network on >occassion. Mostly to watch what lusers are doing when they can't get >into our mail server (wrong pass, username, etc). The command line >is: > > tcpdump -enxs 1508 host blah.blah.com and port 110 | tcpshow -cooked > >However, it seems there's quite a bit of buffering by tcpshow going >on here. I get absolutely nothing displayed until the user has >pushed (or pulled) a lot of traffic. Makes it tough to do things >like just verify a POP session. > >Any better way to do it? > >jon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p043101edb512b4932ef7>