[lug] Mailman question
Chip Atkinson
chip at pupman.com
Mon Mar 10 08:31:41 MDT 2008
Yes, the reason for "preferring" is that wireshark/ethereal isn't
installed on the server and I didn't bother to download the dumps to the
desktop machine. That's my specific case at least.
tcpdump is text/command line based so wireshark wouldn't be as handy for
scripting.
Chip
On Sun, 9 Mar 2008, karl horlen wrote:
> Perfect.
>
> The key is to specify the interface and the port.
>
> Even better that you anticipated my followup question
> which was how easy the dump would be to read. It
> sounds like you need another utility 'wireshark' to
> make analyzing the dump manageable.
>
> Any reason why one would use or prefer tcpdump over
> ethereal?
>
> Thanks
>
> > Run tcpdump on the web server or on the client:
> >
> > tcpdump -i eth0 -w httpsniff.tcpdump -s 0 -vv port 80
> >
> > will start a sniff on interface eth0, write the results to the file
> > httpsniff.tcpdump, capture the full package, extra verbosely, all
> > packets that have a source or destination of port 80.
> >
> > After the dump is written out, I load it into wireshark and use
> > Analyze-TCP Stream which will usually print out everything in a nice
> > human readable format.
> >
> > Hugh
> > _______________________________________________
> > Web Page: http://lug.boulder.co.us
> > Mailing List:
> > http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > Join us on IRC: lug.boulder.co.us port=6667
> > channel=#colug
> >