On Sat, 2005-01-08 at 19:45 -0500, Matt Shields wrote:
> ethereal/tethereal will do that for you. Here's part of a sample
> command line that I used to capture while I was browsing Google (I cut
> out some lines). If you look at the 2nd line you'll see where I
> submitted the query to Google for centos. In the past (and this is
> going back quite a few years), I've used ethereal to help users get
> their mail passwords back, because email username/passwords are
> unencrypted.
>
> [root at matt-test root]# tethereal | grep -vi SSH | grep -vi vrrp |
> grep -vi stp | grep -v 5901
> Capturing on eth0
> 0.017168 10.0.3.225 -> 10.0.3.255 NBNS Name query NB KAMENSDEV<00>
> 0.699144 10.0.2.168 -> 64.233.167.104 HTTP GET
> /search?hl=en&q=centos&btnG=Google+Search HTTP/1.1
> 0.739789 64.233.167.104 -> 10.0.2.168 TCP http > 38760 [ACK] Seq=0
> Ack=602 Win=29400 Len=0
> 0.761950 64.233.167.104 -> 10.0.2.168 HTTP HTTP/1.1 200
> OK[Unreassembled Packet]
> 0.762214 10.0.2.168 -> 64.233.167.104 TCP 38760 > http [ACK]
> Seq=602 Ack=1430 Win=22880 Len=0
> 0.764795 64.233.167.104 -> 10.0.2.168 HTTP Continuation
> 0.764988 10.0.2.168 -> 64.233.167.104 TCP 38760 > http [ACK]
> Seq=602 Ack=1689 Win=22880 Len=0
> 0.801813 Intel_b1:cc:20 -> Broadcast ARP Who has 10.0.3.225?
> Tell 10.0.2.148
> 0.885105 64.233.167.104 -> 10.0.2.168 HTTP Continuation
> 0.885313 10.0.2.168 -> 64.233.167.104 TCP 38760 > http [ACK]
> Seq=602 Ack=3119 Win=25740 Len=0
> 0.893630 64.233.167.104 -> 10.0.2.168 HTTP Continuation
> 0.893905 10.0.2.168 -> 64.233.167.104 TCP 38760 > http [ACK]
> Seq=602 Ack=4156 Win=28600 Len=0
> 47 packets dropped
> 743 packets captured

47 dropped? That is quite high, is this a low powered box or some lower
end hardware? Actually, I don't even recall the last time I saw libpcap
drop any packets, it's been so long.

Ted
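
An added example, not part of the original thread: a small audit of the tethereal summary output quoted above that counts packets carrying cleartext application protocols and computes the drop rate from the two counter lines. The sample text is constructed from the quoted output with wrapped lines rejoined; the `CLEARTEXT` protocol list and the way the two counters are combined are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the summary format quoted above (wrapped lines rejoined).
SAMPLE = """\
Capturing on eth0
  0.017168 10.0.3.225 -> 10.0.3.255 NBNS Name query NB KAMENSDEV<00>
  0.699144 10.0.2.168 -> 64.233.167.104 HTTP GET /search?hl=en&q=centos&btnG=Google+Search HTTP/1.1
  0.739789 64.233.167.104 -> 10.0.2.168 TCP http > 38760 [ACK] Seq=0 Ack=602 Win=29400 Len=0
  0.761950 64.233.167.104 -> 10.0.2.168 HTTP HTTP/1.1 200 OK[Unreassembled Packet]
  0.801813 Intel_b1:cc:20 -> Broadcast ARP Who has 10.0.3.225?  Tell 10.0.2.148
47 packets dropped
743 packets captured
"""

# Assumption: protocol-column labels treated as unencrypted application traffic.
CLEARTEXT = {"HTTP", "POP", "IMAP", "SMTP", "FTP", "TELNET"}

# Fields: time, source, "->", destination, protocol (info column is ignored).
PACKET = re.compile(r"^\s*\d+\.\d+\s+(\S+) -> (\S+)\s+(\S+)")
COUNTER = re.compile(r"^(\d+) packets (dropped|captured)$")


def audit(text):
    """Count cleartext-protocol packets per (src, dst, proto) and compute the drop rate."""
    flows = Counter()
    totals = {"dropped": 0, "captured": 0}
    for line in text.splitlines():
        counter = COUNTER.match(line.strip())
        if counter:
            totals[counter.group(2)] = int(counter.group(1))
            continue
        packet = PACKET.match(line)
        if packet and packet.group(3).upper() in CLEARTEXT:
            flows[packet.groups()] += 1
    # Assumption: "captured" and "dropped" are disjoint counts, so the
    # packets that reached the capture point are their sum.
    seen = totals["captured"] + totals["dropped"]
    drop_pct = round(100.0 * totals["dropped"] / seen, 1) if seen else 0.0
    return {"cleartext": dict(flows), "drop_pct": drop_pct, **totals}


if __name__ == "__main__":
    report = audit(SAMPLE)
    for (src, dst, proto), n in report["cleartext"].items():
        print(f"{proto}: {src} -> {dst} ({n} packet(s) readable on the wire)")
    print(f"dropped {report['dropped']} of {report['captured'] + report['dropped']} ({report['drop_pct']}%)")
```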