From owner-freebsd-questions Wed Jan 17 01:38:08 1996
From: Michael Smith
Message-Id: <199601170940.UAA02308@genesis.atrad.adelaide.edu.au>
Subject: Re: ethernet packet sniffer.
To: philw@megasoft.tic.ab.ca (Phillip White)
Date: Wed, 17 Jan 1996 20:10:32 +1030 (CST)
Cc: msmith@atrad.adelaide.edu.au, freebsd-questions@freebsd.org
In-Reply-To: from "Phillip White" at Jan 17, 96 02:19:03 am

Phillip White stands accused of saying:
> > > what I'm looking for but rather the same functionality that is in
> > > Solaris's "snoop" command.
> >
> > Can you be more specific about what it is that tcpdump doesn't do?
> >
> Sure.. From the way I see it function, it only shows packets not what is
> in the packets. Like if someone is on your machine entering information
> at any prompt ie. telnet, ftp, bash, etc you actually see what they are
> typing, typically in a line going down the screen because it is streaming.
> Tcpdump just shows the whole packet and what type the packet is, ie.
> netbeui, tcp etc.. and where it is going or coming from etc..

So what you want isn't an Ethernet packet sniffer at all, but a tty
watcher. Look at the 'snp' device and the 'watch' command.

Tcpdump will tell you (in exhaustive detail) exactly what's in a packet.
Read the manpage and pay particular attention to the '-s' and '-x' options.

As an example, 'tcpdump -vv -l -s 1600 -x' is pretty exhaustive. You will
want a fast nameserver for this to be useful; try adding '-n' if you have
problems with lost packets.

> Phil..

--
]] Mike Smith, Software Engineer        msmith@atrad.adelaide.edu.au    [[
]] Genesis Software                     genesis@atrad.adelaide.edu.au   [[
]] High-speed data acquisition and      (GSM mobile) 0411-222-496       [[
]] realtime instrument control          (ph/fax)  +61-8-267-3039        [[
]] "Who does BSD?" "We do Chucky, we do."                               [[
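
The '-x' output mentioned in the message above is the packet itself (minus the link-level header) in hex, so the contents can be read back out of it. The following Python sketch is an added example, not part of the original message: it rebuilds the bytes from a '-x' dump and extracts the TCP payload. The sample dump is constructed, and the function names are hypothetical.

```python
import re
import socket
import struct

# Constructed sample (not captured traffic): one telnet segment in the layout
# printed by `tcpdump -n -s 1600 -x`. Checksums are zeroed and not verified;
# the addresses are RFC 5737 documentation addresses.
SAMPLE = """\
20:10:32.000000 IP 192.0.2.1.1025 > 192.0.2.2.23: Flags [P.], length 7
\t0x0000:  4500 002f 0001 0000 4006 0000 c000 0201
\t0x0010:  c000 0202 0401 0017 0000 0001 0000 0001
\t0x0020:  5018 2000 0000 0000 6c73 202d 6c0d 0a
"""

# Hex lines are indented; the "0xNNNN:" offset column is optional.
HEX_LINE = re.compile(
    r"^\s+(?:0x[0-9a-f]{4}:\s+)?"
    r"((?:[0-9a-f]{2}){1,2}(?:\s+(?:[0-9a-f]{2}){1,2})*)\s*$")

def hexdump_to_bytes(text):
    """Rebuild the raw packet bytes from the hex lines of -x output."""
    out = bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:  # summary lines are not indented, so they are skipped
            out += bytes.fromhex("".join(m.group(1).split()))
    return bytes(out)

def parse_ipv4_tcp(pkt):
    """Return (src, sport, dst, dport, payload) for an IPv4/TCP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if pkt[9] != 6:
        raise ValueError("not TCP")
    ihl = (pkt[0] & 0x0F) * 4              # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 20:
        raise ValueError("truncated header")
    total_len = struct.unpack("!H", pkt[2:4])[0]
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_off = (pkt[ihl + 12] >> 4) * 4    # TCP header length in bytes
    if data_off < 20:
        raise ValueError("bad TCP data offset")
    # A small snap length (-s) cuts the payload short; keep what was captured.
    payload = pkt[ihl + data_off:min(total_len, len(pkt))]
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return src, sport, dst, dport, payload

if __name__ == "__main__":
    print(parse_ipv4_tcp(hexdump_to_bytes(SAMPLE)))
```

With the default snap length of that era the dump would stop inside the headers, which is why the message points at '-s'.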