Date: Fri, 21 Nov 1997 23:56:43 +0100
From: sthaug@nethelp.no
To: nate@mt.sri.com
Cc: hackers@FreeBSD.ORG
Subject: Re: Getting ethernet packets content under FreeBSD?
Message-ID: <12897.880153003@verdi.nethelp.no>
In-Reply-To: Your message of "Fri, 21 Nov 1997 14:46:27 -0700"
References: <199711212146.OAA15613@mt.sri.com>

> Is it possible to easily? I'm trying to debug a protocol, and w/out the
> contents of the data being sent in the packets it's awful hard to do.
> Is there anyway of dumping out the actual packet contents somewhere
> instead of dumping out the packet headers, which are less than useful
> for upper-layer TCP/IP protocol debugging.

libpcap is your friend. You need BPF in the kernel, of course. A good start
would be ftp://ee.lbl.gov/pcapture-0.2.1.tar.Z, which is a program that
uses libpcap to capture packets:

DESCRIPTION
       Pcapture captures the last few packets that match the boolean
       expression. The packets are collected in a circular buffer;
       when a signal (TERM, INT, or HUP) is received, they are written
       out to the raw packet file. (Notice that a raw packet file must
       be specified using the -w flag.)

Should be easy enough to modify to record the data continuously. Or you
could just use 'tcpdump -w'.

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
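
Reading the packet contents back out of a raw packet file such as the one 'tcpdump -w' writes, as an added example that is not part of the original message or of pcapture. The function names and the sample capture are constructed for illustration; it assumes the classic pcap savefile layout with Ethernet framing and IPv4/TCP.

```python
import struct

def tcp_payloads(pcap: bytes):
    """Yield (src, dst, payload) for each IPv4/TCP packet in a pcap savefile."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # file written on a little-endian host
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # file written on a big-endian host
    else:
        raise ValueError("not a classic pcap savefile")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:   # 1 = DLT_EN10MB
        raise ValueError("only Ethernet captures handled here")
    off = 24                           # skip the 24-byte global header
    while off + 16 <= len(pcap):
        _sec, _usec, incl, _orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[0] >> 4 != 4 or ip[9] != 6:                   # not IPv4 / not TCP
            continue
        total = struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total]            # IP total length trims Ethernet padding
        if len(tcp) < 20:              # truncated by snaplen or malformed
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        src = "%s:%d" % (".".join(map(str, ip[12:16])), sport)
        dst = "%s:%d" % (".".join(map(str, ip[16:20])), dport)
        yield src, dst, tcp[(tcp[12] >> 4) * 4:]            # skip TCP header

def sample_capture() -> bytes:
    """Constructed one-packet capture (checksums left as zero)."""
    tcp = struct.pack("!HHIIBBHHH", 1025, 25, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + b"OK\r\n"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + tcp
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip
    frame += b"\x00" * max(0, 60 - len(frame))   # pad to Ethernet minimum size
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + struct.pack("<IIII", 880153003, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    for src, dst, data in tcp_payloads(sample_capture()):
        print(src, "->", dst, data)
```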