[Centos] Where is ethereal?

Sun Jan 9 13:45:24 UTC 2005
Matt Shields <mattboston at gmail.com>

It's a PII300.  For now it's the only hardware I have for a test
machine.  I cannot use my production or dev servers for anything
other than what they are running.  Our company has an extremely strict
policy about change control and what gets installed or run on servers.
So I use the test server to try something out, then move it to dev,
then when it's been proven it's moved to production.  Each change is
documented fully including fallback procedure and has to be signed off
by each department's director. Kinda pain in the butt, but it's been
helpful when something hasn't gone right.

-- 
Matt Shields
http://masnetworks.biz
http://www.centos.org
http://www.caosity.org

On Sat, 08 Jan 2005 20:59:06 -0500, Ted Kaczmarek <tedkaz at optonline.net> wrote:
> On Sat, 2005-01-08 at 19:45 -0500, Matt Shields wrote:
> > ethereal/tethereal will do that for you.  Here's part of a sample
> > command line that I used to capture while I was browsing Google (I cut
> > out some lines).  If you look at the 2nd line you'll see where I
> > submitted the query to Google for centos.  In the past (and this is
> > going back quite a few years), I've used ethereal to help users get
> > their mail passwords back, because email username/passwords are
> > unencrypted.
> >
> > [root@matt-test root]# tethereal  | grep -vi SSH | grep -vi vrrp | grep -vi stp | grep -v 5901
> > Capturing on eth0
> >   0.017168   10.0.3.225 -> 10.0.3.255   NBNS Name query NB KAMENSDEV<00>
> >   0.699144   10.0.2.168 -> 64.233.167.104 HTTP GET /search?hl=en&q=centos&btnG=Google+Search HTTP/1.1
> >   0.739789 64.233.167.104 -> 10.0.2.168   TCP http > 38760 [ACK] Seq=0 Ack=602 Win=29400 Len=0
> >   0.761950 64.233.167.104 -> 10.0.2.168   HTTP HTTP/1.1 200 OK[Unreassembled Packet]
> >   0.762214   10.0.2.168 -> 64.233.167.104 TCP 38760 > http [ACK] Seq=602 Ack=1430 Win=22880 Len=0
> >   0.764795 64.233.167.104 -> 10.0.2.168   HTTP Continuation
> >   0.764988   10.0.2.168 -> 64.233.167.104 TCP 38760 > http [ACK] Seq=602 Ack=1689 Win=22880 Len=0
> >   0.801813 Intel_b1:cc:20 -> Broadcast    ARP Who has 10.0.3.225? Tell 10.0.2.148
> >   0.885105 64.233.167.104 -> 10.0.2.168   HTTP Continuation
> >   0.885313   10.0.2.168 -> 64.233.167.104 TCP 38760 > http [ACK] Seq=602 Ack=3119 Win=25740 Len=0
> >   0.893630 64.233.167.104 -> 10.0.2.168   HTTP Continuation
> >   0.893905   10.0.2.168 -> 64.233.167.104 TCP 38760 > http [ACK] Seq=602 Ack=4156 Win=28600 Len=0
> > 47 packets dropped
> > 743 packets captured
> 47 dropped? That is quite high, is this a low powered box or some lower
> end hardware?  Actually, I don't even recall the last time I saw libpcap
> drop any packets, it's been so long.
> 
> Ted