From: Michael Powell
To: freebsd-questions@freebsd.org
Subject: Re: ipfw question
Date: Sat, 28 Mar 2015 15:40:17 -0400
Reply-To: nightrecon@hotmail.com

William A. Mahaffey III wrote:

[snip]
>>>
>>>     "The M1 Garand is without doubt the finest implement of war
>>>     ever devised by man."
>>>                            -- Gen. George S. Patton Jr.

And, oddly enough after many, many years mine still works fine.

>> Wireshark is pretty but requires X11. It also does a better job of making
>> the output understandable.
>>
>> tcpdump should be included in the base system and is text so works
>> without a GUI. You used to be able to take a tcpdump output file and feed
>> it to Wireshark for viewing.
[snip]
>
> Very well, I have wireshark already installed (this is a desktop box),
> I'll poke around & see what I find. Thanks :-).
>

tcpdump can save output in a file which Wireshark can import and read. Both
have filtering capabilities, so you can use tcpdump to capture everything
and use Wireshark to winnow out of the spew what you find interesting. Or,
if you already know pretty much which traffic you want to see it's often
easier and quicker (come time to view in Wireshark) to do some basic
filtering with tcpdump's myriad command line switches first.

I do this on interfaces of remote machines which are servers and have no X,
copying the file to the desktop with Wireshark. This can improve
signal-to-noise ratio. The same information is present, but Wireshark is
just better presentation-wise and can perform some analysis that tcpdump
can not.

-Mike
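
Added example, not part of the message above and not code from tcpdump or Wireshark: the file tcpdump writes with `-w` and Wireshark opens is a classic pcap capture, and this Python code pre-filters one by port while copying the kept records byte for byte, which is the "same information, less noise" effect described. It goes beyond the message by showing the file layout itself; the sample frames, addresses and timestamps are constructed, only Ethernet/IPv4 is handled, and the port match stands in for tcpdump's own filter expressions.

```python
import struct
MAGIC = 0xA1B2C3D4  # classic pcap file, microsecond timestamps

def sample_frame(sport, dport, proto=6):
    """Constructed frame: Ethernet + 20-byte IPv4 header + TCP/UDP port pair."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", sport, dport)

def write_pcap(frames):
    """Global header (24 bytes), then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", MAGIC, 2, 4, 0, 0, 65535, 1)  # 1 = Ethernet
    for ts, frame in enumerate(frames, 1427571627):  # constructed timestamps
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def read_records(data):
    """Return [(raw_record_header, frame), ...]; accepts either byte order."""
    magic = struct.unpack_from("<I", data)[0] if len(data) >= 24 else None
    order = {MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if order is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(order + "I", data, 20)[0] != 1:
        raise ValueError("only Ethernet link type is handled here")
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        end = off + 16 + struct.unpack_from(order + "I", data, off + 8)[0]
        if end > len(data):
            raise ValueError("truncated record")  # e.g. capture cut off mid-write
        records.append((data[off:off + 16], data[off + 16:end]))
        off = end
    return records

def ports(frame):
    """(sport, dport) of an unfragmented IPv4 TCP/UDP frame, else ()."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return ()
    ihl = (frame[14] & 0x0F) * 4
    frag = struct.unpack_from("!H", frame, 20)[0] & 0x1FFF
    if frame[23] not in (6, 17) or frag or ihl < 20 or len(frame) < 14 + ihl + 4:
        return ()
    return struct.unpack_from("!HH", frame, 14 + ihl)

def prefilter(data, port):
    """Keep only records to or from `port`; kept records are copied unchanged."""
    kept = [h + f for h, f in read_records(data) if port in ports(f)]
    return data[:24] + b"".join(kept)
```
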