Date: Wed, 17 Jan 1996 20:10:32 +1030 (CST)
From: Michael Smith <msmith@atrad.adelaide.edu.au>
To: philw@megasoft.tic.ab.ca (Phillip White)
Cc: msmith@atrad.adelaide.edu.au, freebsd-questions@freebsd.org
Subject: Re: ethernet packet sniffer.
Message-ID: <199601170940.UAA02308@genesis.atrad.adelaide.edu.au>
In-Reply-To: <Pine.BSF.3.91.960117021538.14508A-100000@megasoft.tic.ab.ca> from "Phillip White" at Jan 17, 96 02:19:03 am

Phillip White stands accused of saying:
> > > what I'm looking for but rather the same functionality that is in
> > > Solaris's "snoop" command.
> >
> > Can you be more specific about what it is that tcpdump doesn't do?
> >
> Sure.. From the way I see it function, it only shows packets not what is
> in the packets. Like if someone is on your machine entering information
> at any prompt ie. telnet, ftp, bash, etc you actually see what they are
> typing, typically in a line going down the screen because it is streaming.
> Tcpdump just shows the whole packet and what type the packet is, ie.
> netbeui, tcp etc.. and where it is going or coming from etc..

So what you want isn't an Ethernet packet sniffer at all, but a tty watcher.

Look at the 'snp' device and the 'watch' command.

Tcpdump will tell you (in exhaustive detail) exactly what's in a packet.
Read the manpage and pay particular attention to the '-s' and '-x' options.

As an example, 'tcpdump -vv -l -s 1600 -x' is pretty exhaustive. You will
want a fast nameserver for this to be useful; try adding '-n' if you have
problems with lost packets.

> Phil..

--
]] Mike Smith, Software Engineer        msmith@atrad.adelaide.edu.au    [[
]] Genesis Software                     genesis@atrad.adelaide.edu.au   [[
]] High-speed data acquisition and      (GSM mobile) 0411-222-496       [[
]] realtime instrument control          (ph/fax)  +61-8-267-3039        [[
]] "Who does BSD?"  "We do Chucky, we do."                              [[
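
Added example, not part of the original message: a Python sketch that turns the hex printed by 'tcpdump -x' back into the TCP payload bytes and reports how much of the payload the '-s' snap length cut off. The sample dumps are constructed, use the offset-prefixed layout of current tcpdump releases, and the function names are hypothetical.

```python
import re
import struct

# Constructed sample: one IPv4/TCP segment, 10.0.0.1:1025 -> 10.0.0.2:23,
# carrying the four bytes "ls" CR LF. The TCP checksum is left as zero.
FULL_DUMP = """\
\t0x0000:  4500 002c 0001 0000 4006 66c9 0a00 0001
\t0x0010:  0a00 0002 0401 0017 0000 0001 0000 0001
\t0x0020:  5018 2000 0000 0000 6c73 0d0a
"""
# Constructed: the same segment as if the snap length had cut it at 40 bytes.
TRUNCATED_DUMP = ("\n".join(FULL_DUMP.splitlines()[:2])
                  + "\n\t0x0020:  5018 2000 0000 0000\n")


def parse_hexdump(text):
    """Collect the bytes from '-x' hex lines; skip summary/header lines."""
    data = bytearray()
    for line in text.splitlines():
        # Drop the optional "0x0010:" offset column, then keep pure-hex lines.
        body = re.sub(r"^\s*0x[0-9a-fA-F]+:", "", line).strip()
        if body and re.fullmatch(r"[0-9a-fA-F\s]+", body):
            data += bytes.fromhex("".join(body.split()))
    return bytes(data)


def tcp_payload(ip):
    """Parse IPv4 + TCP headers (as '-x' prints them, without the link
    header) and return ports, captured payload and bytes lost to snaplen."""
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip[0] & 0x0F) * 4                  # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        raise ValueError("not TCP")
    if len(ip) < ihl + 20:
        raise ValueError("TCP header truncated by snap length")
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    start = ihl + (ip[ihl + 12] >> 4) * 4     # skip TCP header and options
    payload = ip[start:total_len]
    missing = max(0, total_len - start) - len(payload)
    return {"sport": sport, "dport": dport,
            "payload": payload, "missing": missing}


if __name__ == "__main__":
    for name, dump in (("full", FULL_DUMP), ("truncated", TRUNCATED_DUMP)):
        print(name, tcp_payload(parse_hexdump(dump)))
```

A non-zero "missing" count means the capture needs a larger '-s' value before the payload can be read.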