Date: Thu, 6 Apr 2000 14:19:00 -0700 From: Jon Rust <jpr@vcnet.com> To: freebsd-questions@freebsd.org Subject: tcpdump | tcpshow, and buffering Message-ID: <p043101ecb512aea2c91f@[209.239.239.22]>
next in thread | raw e-mail | index | archive | help
I've been trying to use tcpdump and tcpshow to snoop my network on occassion. Mostly to watch what lusers are doing when they can't get into our mail server (wrong pass, username, etc). The command line is: tcpdump -enxs 1508 host blah.blah.com and port 110 | tcpshow -cooked However, it seems there's quite a bit of buffering by tcpshow going on here. I get absolutely nothing displayed until the user has pushed (or pulled) a lot of traffic. Makes it tough to do things like just verify a POP session. Any better way to do it? jon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p043101ecb512aea2c91f>