On Sat, 2005-01-08 at 19:45 -0500, Matt Shields wrote:
ethereal/tethereal will do that for you. Here's part of a sample command line that I used to capture while I was browsing Google (I cut out some lines). If you look at the 2nd line you'll see where I submitted the query to Google for centos. In the past (and this is going back quite a few years), I've used ethereal to help users get their mail passwords back, because email username/passwords are unencrypted.
[root@matt-test root]# tethereal | grep -vi SSH | grep -vi vrrp | grep -vi stp | grep -v 5901
Capturing on eth0
0.017168 10.0.3.225 -> 10.0.3.255 NBNS Name query NB KAMENSDEV<00>
0.699144 10.0.2.168 -> 64.233.167.104 HTTP GET /search?hl=en&q=centos&btnG=Google+Search HTTP/1.1
0.739789 64.233.167.104 -> 10.0.2.168 TCP http > 38760 [ACK] Seq=0 Ack=602 Win=29400 Len=0
0.761950 64.233.167.104 -> 10.0.2.168 HTTP HTTP/1.1 200 OK[Unreassembled Packet]
0.762214 10.0.2.168 -> 64.233.167.104 TCP 38760 > http [ACK] Seq=602 Ack=1430 Win=22880 Len=0
0.764795 64.233.167.104 -> 10.0.2.168 HTTP Continuation
0.764988 10.0.2.168 -> 64.233.167.104 TCP 38760 > http [ACK] Seq=602 Ack=1689 Win=22880 Len=0
0.801813 Intel_b1:cc:20 -> Broadcast ARP Who has 10.0.3.225? Tell 10.0.2.148
0.885105 64.233.167.104 -> 10.0.2.168 HTTP Continuation
0.885313 10.0.2.168 -> 64.233.167.104 TCP 38760 > http [ACK] Seq=602 Ack=3119 Win=25740 Len=0
0.893630 64.233.167.104 -> 10.0.2.168 HTTP Continuation
0.893905 10.0.2.168 -> 64.233.167.104 TCP 38760 > http [ACK] Seq=602 Ack=4156 Win=28600 Len=0
47 packets dropped
743 packets captured
47 dropped? That is quite high, is this a low powered box or some lower end hardware? Actually, I don't even recall the last time I saw libpcap drop any packets, it's been so long.
Ted
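
Added example, not part of the original thread: a small Python parser for the one-line tethereal summaries quoted above, reporting which HTTP requests and query parameters crossed the wire in cleartext, plus the dropped/captured counters. The names audit() and SAMPLE are hypothetical, and SAMPLE is a constructed excerpt of the quoted capture with the two counters assumed to sit on separate lines.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: a few summary lines taken from the capture quoted above.
SAMPLE = """\
0.017168 10.0.3.225 -> 10.0.3.255 NBNS Name query NB KAMENSDEV<00>
0.699144 10.0.2.168 -> 64.233.167.104 HTTP GET /search?hl=en&q=centos&btnG=Google+Search HTTP/1.1
0.739789 64.233.167.104 -> 10.0.2.168 TCP http > 38760 [ACK] Seq=0 Ack=602 Win=29400 Len=0
0.761950 64.233.167.104 -> 10.0.2.168 HTTP HTTP/1.1 200 OK[Unreassembled Packet]
0.801813 Intel_b1:cc:20 -> Broadcast ARP Who has 10.0.3.225? Tell 10.0.2.148
47 packets dropped
743 packets captured
"""

# Summary line layout: <time> <src> -> <dst> <protocol> <info...>
LINE = re.compile(r"^\s*(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
                  r"\s+(?P<proto>\S+)\s+(?P<info>.*)$")
REQUEST = re.compile(r"^(GET|POST|HEAD|PUT|DELETE)\s+(\S+)\s+HTTP/\d\.\d")
STAT = re.compile(r"^\s*(\d+) packets (dropped|captured)\s*$")


def audit(text):
    """Return (cleartext_http_requests, counters) for summary-line output."""
    requests, stats = [], {}
    for line in text.splitlines():
        stat = STAT.match(line)
        if stat:
            stats[stat.group(2)] = int(stat.group(1))
            continue
        pkt = LINE.match(line)
        if not pkt or pkt.group("proto") != "HTTP":
            continue  # ARP, NBNS, bare TCP ACKs: no application data shown
        req = REQUEST.match(pkt.group("info"))
        if not req:
            continue  # responses and continuations have no request line
        url = urlsplit(req.group(2))
        requests.append({
            "src": pkt.group("src"), "dst": pkt.group("dst"),
            "method": req.group(1), "path": url.path,
            # parse_qs also undoes '+' and %XX encoding, as the server would
            "params": parse_qs(url.query, keep_blank_values=True),
        })
    return requests, stats


if __name__ == "__main__":
    found, counters = audit(SAMPLE)
    for r in found:
        print(r["src"], "->", r["dst"], r["method"], r["path"], r["params"])
    print(counters)
```
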