[Centos] Where is ethereal?

Ted Kaczmarek tedkaz at optonline.net
Sun Jan 9 01:59:06 UTC 2005


On Sat, 2005-01-08 at 19:45 -0500, Matt Shields wrote:
> ethereal/tethereal will do that for you.  Here's part of a sample
> command line that I used to capture while I was browsing Google(I cut
> out some lines).  If you look at the 2nd line you'll see where I
> submitted the query to Google for centos.  In the past(and this is
> going back quite a few years, I've used ethereal to help users get
> their mail passwords back, because email username/passwords are
> unencrypted.
> 
> [root at matt-test root]# tethereal  | grep -vi SSH | grep -vi vrrp |
> grep -vi stp | grep -v 5901
> Capturing on eth0
>   0.017168   10.0.3.225 -> 10.0.3.255   NBNS Name query NB KAMENSDEV<00>
>   0.699144   10.0.2.168 -> 64.233.167.104 HTTP GET
> /search?hl=en&q=centos&btnG=Google+Search HTTP/1.1
>   0.739789 64.233.167.104 -> 10.0.2.168   TCP http > 38760 [ACK] Seq=0
> Ack=602 Win=29400 Len=0
>   0.761950 64.233.167.104 -> 10.0.2.168   HTTP HTTP/1.1 200
> OK[Unreassembled Packet]
>   0.762214   10.0.2.168 -> 64.233.167.104 TCP 38760 > http [ACK]
> Seq=602 Ack=1430 Win=22880 Len=0
>   0.764795 64.233.167.104 -> 10.0.2.168   HTTP Continuation
>   0.764988   10.0.2.168 -> 64.233.167.104 TCP 38760 > http [ACK]
> Seq=602 Ack=1689 Win=22880 Len=0
>   0.801813 Intel_b1:cc:20 -> Broadcast    ARP Who has 10.0.3.225? 
> Tell 10.0.2.148
>   0.885105 64.233.167.104 -> 10.0.2.168   HTTP Continuation
>   0.885313   10.0.2.168 -> 64.233.167.104 TCP 38760 > http [ACK]
> Seq=602 Ack=3119 Win=25740 Len=0
>   0.893630 64.233.167.104 -> 10.0.2.168   HTTP Continuation
>   0.893905   10.0.2.168 -> 64.233.167.104 TCP 38760 > http [ACK]
> Seq=602 Ack=4156 Win=28600 Len=0
> 47 packets dropped
> 743 packets captured
47 dropped? That is quite high, is this a low powered box or some lower
end hardware?  Actually, I don't even recall the last time I saw libpcap
drop any packets, its been so long.

Ted





More information about the CentOS mailing list