[geeks] Network software pointer
John Francini
francini at mac.com
Sun Jul 1 19:31:15 CDT 2012
Wireshark is the direct lineal descendant of Ethereal. The author of Ethereal went to CACE, now a part of Riverbed Technology, and the product name changed.
It can read and analyze the packet dumps created by tcpdump, or you can use Wireshark's supplied capture tool. Highly recommended.
j
On 1 Jul 2012, at 20:20, Mouse wrote:
>> What I would like is to be able to:
>
>> monitor all traffic in/out for a particular IP address
>
>> Store the traffic for off-line analysis
>
> "tcpdump -w" seems so obvious to me I can only assume there's some
> reason it's not suitable for you. But I don't see any such reason in
> your message (possibly my fault, possibly not), so I have to ask:
> what's wrong with it?
>
>> Ideally, be capable of presenting the traffic in some sort of
>> 'readable' form, sort of like an intelligent disassembler
>
> tcpdump does that to some extent, enough for some purposes. I believe
> there are other tools that unpack in more detail, but the only one I'm
> familiar with is my own, which severely undersupports the cases I
> haven't personally had occasion to care about. (You are nevertheless
> welcome to a copy if you want, of course;
> ftp.rodents-montreal.org:/mouseware/local-src/ether-unpack/ is the
> place to look.)
>
> /~\ The ASCII                  Mouse
> \ / Ribbon Campaign
>  X  Against HTML               mouse at rodents-montreal.org
> / \ Email!             7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
> _______________________________________________
> GEEKS: http://www.sunhelp.org/mailman/listinfo/geeks
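For anyone following the thread's advice, here is an added example (not code from either poster, and not Mouse's ether-unpack) of what "tcpdump -w" actually stores and how the "monitor one IP address, analyze offline, print something readable" workflow looks without a live interface. It builds a libpcap-format file from three constructed Ethernet/IPv4 frames (made-up addresses, 10.0.0.0/8 and 192.0.2.0/24), reads it back the way tcpdump -r or Wireshark would, applies a "host X" filter, and prints tcpdump-style one-line summaries. All packet contents and timestamps are constructed inline.

```python
"""Write and read a libpcap file (the format 'tcpdump -w' produces), then
filter by host IP and decode frames into readable one-liners.
Added example; the frames, addresses and timestamps are all constructed."""
import socket
import struct

LINKTYPE_ETHERNET = 1
PCAP_MAGIC = 0xA1B2C3D4  # microsecond-timestamp pcap, native byte order


def pcap_global_header(snaplen=65535, linktype=LINKTYPE_ETHERNET):
    # magic, version 2.4, thiszone 0, sigfigs 0, snaplen, link type
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(ts_sec, ts_usec, frame):
    # per-packet header: seconds, microseconds, captured length, original length
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame


def ipv4_checksum(hdr):
    # RFC 1071 one's-complement sum over 16-bit words; returns 0 for a valid header
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    s = (s >> 16) + (s & 0xFFFF)
    s += s >> 16
    return (~s) & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, proto, payload):
    # Ethernet II + 20-byte IPv4 header (no options) around an L4 payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                     64, proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    eth = (bytes.fromhex(dst_mac.replace(":", ""))
           + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00")
    return eth + ip + payload


def tcp_segment(sport, dport, seq, flags):
    # minimal 20-byte TCP header; TCP checksum left 0 (fine for a demo file)
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 65535, 0, 0)


def udp_datagram(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def read_pcap(data):
    """Yield (timestamp, frame) records, honoring the magic number's byte order."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a libpcap file")
    linktype = struct.unpack(end + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl]
        if len(frame) < incl:
            raise ValueError("truncated record at offset %d" % off)  # partial last packet
        off += incl
        yield ts_sec + ts_usec / 1e6, frame


def ipv4_endpoints(frame):
    """(src, dst) for an IPv4-over-Ethernet frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])


def decode(frame):
    """tcpdump-style one-line summary of an IPv4 frame (None if not IPv4)."""
    ends = ipv4_endpoints(frame)
    if ends is None:
        return None
    src, dst = ends
    ihl = (frame[14] & 0x0F) * 4
    bad = "" if ipv4_checksum(frame[14:14 + ihl]) == 0 else " (bad ip cksum)"
    proto, l4 = frame[23], frame[14 + ihl:]
    if proto == 6 and len(l4) >= 20:
        sport, dport, seq, _ack, _doff, flags = struct.unpack("!HHIIBB", l4[:14])
        # same flag letters and order tcpdump prints: F S R P . (ack)
        names = "".join(n for bit, n in ((0x01, "F"), (0x02, "S"), (0x04, "R"),
                                          (0x08, "P"), (0x10, ".")) if flags & bit)
        return "IP %s.%d > %s.%d: Flags [%s], seq %d%s" % (src, sport, dst, dport, names, seq, bad)
    if proto == 17 and len(l4) >= 8:
        sport, dport, ulen, _ck = struct.unpack("!HHHH", l4[:8])
        return "IP %s.%d > %s.%d: UDP, length %d%s" % (src, sport, dst, dport, ulen - 8, bad)
    return "IP %s > %s: proto %d%s" % (src, dst, proto, bad)


def host_filter(data, host):
    """Offline equivalent of 'tcpdump -r file host HOST': frames with HOST as src or dst."""
    return [(ts, decode(f)) for ts, f in read_pcap(data)
            if ipv4_endpoints(f) is not None and host in ipv4_endpoints(f)]


def sample_capture():
    """Three constructed frames: a TCP handshake start between two hosts, plus an
    unrelated UDP datagram so the host filter has something to exclude."""
    t0 = 1341189075  # constructed timestamp
    a, b, mac_a, mac_b = "10.0.0.5", "192.0.2.10", "02:00:00:00:00:01", "02:00:00:00:00:02"
    frames = [
        (t0, 0, build_frame(mac_a, mac_b, a, b, 6, tcp_segment(40000, 443, 1000, 0x02))),
        (t0, 1500, build_frame(mac_b, mac_a, b, a, 6, tcp_segment(443, 40000, 5000, 0x12))),
        (t0 + 1, 0, build_frame(mac_a, mac_b, "10.0.0.7", "192.0.2.53", 17,
                                udp_datagram(5353, 53, b"\x00" * 12))),
    ]
    return pcap_global_header() + b"".join(pcap_record(s, u, f) for s, u, f in frames)


if __name__ == "__main__":
    cap = sample_capture()
    with open("sample.pcap", "wb") as fh:   # open this in Wireshark or 'tcpdump -r'
        fh.write(cap)
    for ts, line in host_filter(cap, "10.0.0.5"):
        print("%.6f %s" % (ts, line))
```

The file it writes is a plain libpcap capture, so "tcpdump -nr sample.pcap host 10.0.0.5" or Wireshark will show the same two frames the script prints. For the live case the thread is discussing, the same filter goes on the capture side ("tcpdump -ni eth0 -s 0 -w cap.pcap host 10.0.0.5"): -n keeps tcpdump from doing reverse DNS lookups that would themselves add traffic, and -s 0 avoids the small default snaplen older tcpdump releases used, which silently truncated payloads in the saved file.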