From owner-freebsd-questions Tue Jul 22 16:28:30 1997
Return-Path:
Received: (from root@localhost)
        by hub.freebsd.org (8.8.5/8.8.5) id QAA06320
        for questions-outgoing; Tue, 22 Jul 1997 16:28:30 -0700 (PDT)
Received: from townhouse.dyn.ml.org (hunt@nb10ppp231.cac.psu.edu [146.186.16.231])
        by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id QAA06294
        for ; Tue, 22 Jul 1997 16:28:00 -0700 (PDT)
Received: (from hunt@localhost)
        by townhouse.dyn.ml.org (8.8.5/8.8.5) id TAA14949;
        Tue, 22 Jul 1997 19:27:20 -0400 (EDT)
Date: Tue, 22 Jul 1997 19:27:20 -0400 (EDT)
Message-Id: <199707222327.TAA14949@townhouse.dyn.ml.org>
From: Matthew Hunt
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: Bill Fenner
Cc: questions@freebsd.org
Subject: Re: tcptrace
In-Reply-To: <97Jul16.151201pdt.177512@crevenia.parc.xerox.com>
References: <19970716163317.50509@astro.psu.edu>
        <97Jul16.151201pdt.177512@crevenia.parc.xerox.com>
X-Mailer: VM 6.22 under 19.15 XEmacs Lucid
Sender: owner-freebsd-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Bill Fenner wrote:

> Actually, there's a new version of tcptrace released today.  I have a port
> that works on 2.2.2, I just have to verify that it works on 3.0 and I'll
> commit the updated one.

I just got around to playing with it, and it seems that the problem
we discussed previously depends on the type of interface that tcpdump
listens to.  The program likes Ethernet dumps, but not (kernel) PPP
dumps.  I haven't tried any other interfaces.

townhouse:~$ tcpdump -i ed1 -w ed1.trace
tcpdump: listening on ed1
^C
2 packets received by filter
0 packets dropped by kernel
townhouse:~$ tcptrace ed1.trace
1 args remaining, starting with 'ed1.trace'
Ostermann's tcptrace -- version 4.0.2 -- Wed Jul 16, 1997

Running file 'ed1.trace'
2 packets seen, 2 TCP packets traced
*** 1 packets were too short to process at some point
        (use -w option to show details)
  1: charon.townhouse.org:1650 - skellar.townhouse.org:23 (a2b)   1>   1<  (reset)
townhouse:~$ tcpdump -i ppp0 -w ppp0.trace
tcpdump: listening on ppp0
^C
30 packets received by filter
0 packets dropped by kernel
townhouse:~$ tcptrace ppp0.trace
1 args remaining, starting with 'ppp0.trace'
Ostermann's tcptrace -- version 4.0.2 -- Wed Jul 16, 1997

Running file 'ppp0.trace'
Don't understand packet format (9)

-- 
Matthew Hunt * Think locally, act globally.
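
An added example, not part of the original message and not tcptrace code: reading the link-layer type from a capture file's pcap global header, which is what distinguishes the two traces above. It assumes the 9 in tcptrace's error is that value (in libpcap, 1 is Ethernet and 9 is PPP); the function names and the sample headers are constructed for illustration.

```python
import struct
import sys

# Magic numbers of the classic pcap format (microsecond / nanosecond stamps).
PCAP_MAGICS = {0xA1B2C3D4, 0xA1B23C4D}
# libpcap link-layer types; only the two relevant to this thread are named.
LINKTYPES = {1: "EN10MB (Ethernet)", 9: "PPP"}


def pcap_linktype(header: bytes) -> int:
    """Return the link-layer type stored in a 24-byte pcap global header."""
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    # The file is written in the capturing host's byte order; try both.
    for endian in ("<", ">"):
        (magic,) = struct.unpack(endian + "I", header[:4])
        if magic in PCAP_MAGICS:
            break
    else:
        raise ValueError("not a classic pcap file")
    # Fields: version_major, version_minor, thiszone, sigfigs, snaplen, network
    network = struct.unpack(endian + "HHiIII", header[4:24])[5]
    # The low 16 bits carry the link type; newer writers may set upper bits.
    return network & 0xFFFF


def describe(header: bytes) -> str:
    lt = pcap_linktype(header)
    return f"linktype {lt} ({LINKTYPES.get(lt, 'not named in this example')})"


def sample_header(linktype: int, endian: str = "<") -> bytes:
    """Constructed global header (version 2.4, snaplen 68) for demonstration."""
    return struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 68, linktype)


if __name__ == "__main__":
    if len(sys.argv) > 1:          # e.g. ed1.trace ppp0.trace
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                print(path, describe(fh.read(24)))
    else:                          # constructed samples, not real captures
        print("ethernet sample:", describe(sample_header(1)))
        print("ppp sample:     ", describe(sample_header(9)))
```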