From owner-freebsd-questions Wed Jul 30 00:36:21 1997
From: grog@FreeBSD.ORG
Message-Id: <199707300735.RAA00756@freebie.lemis.com>
Subject: Re: tcptrace.
In-Reply-To: from "mark@intervista.net" at "Jul 30, 97 01:28:30 am"
To: mark@intervista.net
Date: Wed, 30 Jul 1997 17:05:58 +0930 (CST)
Cc: questions@FreeBSD.ORG

mark@intervista.net writes:
> I was wondering if anyone knows where to get tcptrace. I had the
> website and I forgot the address!

I suspect part of the problem is that you've forgotten the name of the packet, too. I think you're talking about tcpdump. It's part of the FreeBSD distribution, so you don't need to go looking for it.

> What exactly will tcptrace do? Does it parse the packets and show
> ALL activities and network traffic?

If you want. More importantly, you can give it a search expression which shows only the stuff you're interested in.

For example, if I want to see what's going on between here and hub.freebsd.org, I can enter:

  # tcpdump -i tun0 host hub.freebsd.org
  tcpdump: listening on tun0
  17:04:45.184501 gregl1.lnk.telstra.net.1020 > hub.FreeBSD.ORG.login: P 705673731:705673732(1) ack 919555097 win 17520 (DF) [tos 0x10]
  17:04:45.600277 hub.FreeBSD.ORG.login > gregl1.lnk.telstra.net.1020: P 1:3(2) ack 1 win 17520 (DF) [tos 0x10]
  17:04:45.760109 gregl1.lnk.telstra.net.1020 > hub.FreeBSD.ORG.login: . ack 3 win 17520 (DF) [tos 0x10]
  17:04:47.950705 hub.FreeBSD.ORG.login > gregl1.lnk.telstra.net.1020: P 3:55(52) ack 1 win 17520 (DF) [tos 0x10]
  17:04:47.960150 gregl1.lnk.telstra.net.1020 > hub.FreeBSD.ORG.login: . ack 55 win 17520 (DF) [tos 0x10]
  17:04:50.120960 gregl1.lnk.telstra.net.1020 > hub.FreeBSD.ORG.login: P 1:2(1) ack 55 win 17520 (DF) [tos 0x10]
  17:04:50.570342 hub.FreeBSD.ORG.login > gregl1.lnk.telstra.net.1020: P 55:63(8) ack 2 win 17520 (DF) [tos 0x10]

This is part of an interactive rlogin session (thus the port login on hub). The -i option specifies the interface which you want to monitor.

Greg
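
Added example, not part of the original message: a small Python parser for the tcpdump lines shown above. It reads the first:last(len) sequence notation and totals packets and payload bytes per direction. The names LINE_RE, parse_line and summarize are made up for this illustration, and the regular expression assumes the line layout seen in this capture.

```python
import re
from collections import defaultdict

# Sample input: the seven packet lines from the capture in the message above.
SAMPLE = """\
17:04:45.184501 gregl1.lnk.telstra.net.1020 > hub.FreeBSD.ORG.login: P 705673731:705673732(1) ack 919555097 win 17520 (DF) [tos 0x10]
17:04:45.600277 hub.FreeBSD.ORG.login > gregl1.lnk.telstra.net.1020: P 1:3(2) ack 1 win 17520 (DF) [tos 0x10]
17:04:45.760109 gregl1.lnk.telstra.net.1020 > hub.FreeBSD.ORG.login: . ack 3 win 17520 (DF) [tos 0x10]
17:04:47.950705 hub.FreeBSD.ORG.login > gregl1.lnk.telstra.net.1020: P 3:55(52) ack 1 win 17520 (DF) [tos 0x10]
17:04:47.960150 gregl1.lnk.telstra.net.1020 > hub.FreeBSD.ORG.login: . ack 55 win 17520 (DF) [tos 0x10]
17:04:50.120960 gregl1.lnk.telstra.net.1020 > hub.FreeBSD.ORG.login: P 1:2(1) ack 55 win 17520 (DF) [tos 0x10]
17:04:50.570342 hub.FreeBSD.ORG.login > gregl1.lnk.telstra.net.1020: P 55:63(8) ack 2 win 17520 (DF) [tos 0x10]
"""

# Assumed layout: time src.port > dst.port: flags [first:last(len)] ack N win N
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+)\.(?P<sport>[^.\s]+) > "
    r"(?P<dst>\S+)\.(?P<dport>[^.\s:]+): (?P<flags>\S+) "
    r"(?:(?P<first>\d+):(?P<last>\d+)\((?P<len>\d+)\) )?ack (?P<ack>\d+) win (?P<win>\d+)"
)

def parse_line(line):
    """Return a dict of fields for one TCP line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    pkt = m.groupdict()
    # A pure ACK (flags ".") has no first:last(len) range, so its payload is 0.
    pkt["len"] = int(pkt["len"] or 0)
    if pkt["first"] is not None and int(pkt["last"]) - int(pkt["first"]) != pkt["len"]:
        raise ValueError("sequence range and length disagree: " + line)
    return pkt

def summarize(text):
    """Count packets and payload bytes for each direction of each conversation."""
    totals = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue  # e.g. the "tcpdump: listening on tun0" banner
        key = (f"{pkt['src']}.{pkt['sport']}", f"{pkt['dst']}.{pkt['dport']}")
        totals[key][0] += 1
        totals[key][1] += pkt["len"]
    return {k: tuple(v) for k, v in totals.items()}

if __name__ == "__main__":
    for (src, dst), (packets, nbytes) in summarize(SAMPLE).items():
        print(f"{src} > {dst}: {packets} packets, {nbytes} payload bytes")
```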