From owner-freebsd-questions@FreeBSD.ORG Wed Aug 13 19:35:04 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2FBB237B401 for ; Wed, 13 Aug 2003 19:35:04 -0700 (PDT)
Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3AB6643F85 for ; Wed, 13 Aug 2003 19:35:03 -0700 (PDT) (envelope-from mike@sentex.net)
Received: from house.sentex.net (cage.simianscience.com [64.7.134.1]) by smtp1.sentex.ca (8.12.9/8.12.9) with ESMTP id h7E2YwER009987; Wed, 13 Aug 2003 22:34:59 -0400 (EDT) (envelope-from mike@sentex.net)
Message-Id: <5.2.0.9.0.20030813222442.030474c8@192.168.0.12>
X-Sender: mdtancsa@192.168.0.12
X-Mailer: QUALCOMM Windows Eudora Version 5.2.0.9
Date: Wed, 13 Aug 2003 22:33:04 -0400
To: Dominiod
From: Mike Tancsa
In-Reply-To: <1060827088.3f3aefd00b8f6@dominoid.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
cc: freebsd-questions@freebsd.org
Subject: Re: simple TCP data capture program
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
X-List-Received-Date: Thu, 14 Aug 2003 02:35:04 -0000

At 12:11 PM 8/14/2003 +1000, Dominiod wrote:
>Hi,
>
>Is there a simple tool in freebsd (in ports?) that allows you to see data
>going to
>and from a particular port on your machine?

tcpdump works in real time e.g.

telus-151front# tcpdump -n -c 2 -i fxp1 -Xx -s 1500 -vvv -e dst port 135
tcpdump: listening on fxp1
22:33:10.094691 0:a:f3:a5:c8:bc 0:d0:b7:27:55:43 0800 62: 205.208.237.95.4971 > 205.211.165.222.135: S [tcp sum ok] 649409298:649409298(0) win 8760 (DF) (ttl 113, id 10944, len 48)
0x0000 4500 0030 2ac0 4000 7106 b025 cdd0 ed5f E..0*.@.q..%..._
0x0010 cdd3 a5de 136b 0087 26b5 3312 0000 0000 .....k..&.3.....
0x0020 7002 2238 c44b 0000 0204 05b4 0101 0402 p."8.K..........
22:33:10.095728 0:a:f3:a5:c8:bc 0:d0:b7:27:55:43 0800 62: 205.208.237.95.4974 > 205.211.165.225.135: S [tcp sum ok] 649551298:649551298(0) win 8760 (DF) (ttl 112, id 10947, len 48)
0x0000 4500 0030 2ac3 4000 7006 b11f cdd0 ed5f E..0*.@.p......_
0x0010 cdd3 a5e1 136e 0087 26b7 5dc2 0000 0000 .....n..&.].....
0x0020 7002 2238 9993 0000 0204 05b4 0101 0402 p."8............
4658 packets received by filter
0 packets dropped by kernel
telus-151front#

Don't do DNS lookups of the IP addresses involved, capture 2 packets on fxp1, do it in hex and ascii, up to 1500 bytes, be very verbose, print link layer stuff and only for crap destined for port 135.

If you want something more point and click, try ethereal. Also, ipfw can be handy as well.

ipfw add 10 count log tcp from any to any 135 setup in via fxp1

---Mike

--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
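The hex dump in Mike's reply carries everything tcpdump put on its summary line, and anyone reading -Xx output should be able to rebuild that line from the bytes. The Python below is an added example, not code from the original message or from tcpdump: it takes the two dumps quoted above (copied in verbatim as constructed input), decodes the IPv4 and TCP headers, recomputes the IP and TCP checksums (which is what "[tcp sum ok]" reports) and walks the TCP options carried in each SYN. The function names and the one-line summary layout are this example's own.

```python
import re
import struct

# Added example, not the poster's code.  CAPTURE is constructed input: the two
# -Xx dumps quoted in the message above, copied verbatim with their ascii column.
CAPTURE = """\
0x0000 4500 0030 2ac0 4000 7106 b025 cdd0 ed5f E..0*.@.q..%..._
0x0010 cdd3 a5de 136b 0087 26b5 3312 0000 0000 .....k..&.3.....
0x0020 7002 2238 c44b 0000 0204 05b4 0101 0402 p."8.K..........
0x0000 4500 0030 2ac3 4000 7006 b11f cdd0 ed5f E..0*.@.p......_
0x0010 cdd3 a5e1 136e 0087 26b7 5dc2 0000 0000 .....n..&.].....
0x0020 7002 2238 9993 0000 0204 05b4 0101 0402 p."8............
"""

_OFFSET = re.compile(r"^0x[0-9a-fA-F]+:?$")       # "0x0010" (newer tcpdump prints "0x0010:")
_WORD = re.compile(r"^(?:[0-9a-fA-F]{2}){1,2}$")  # one or two hex bytes
_FLAGS = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "A"), (0x20, "U"), (0x40, "E"), (0x80, "C")]


def parse_hexdumps(text):
    """Split -x/-X output into packets (each starts at offset 0x0000); only the
    8 words after the offset are read, the ascii column never is."""
    packets = []
    for line in text.splitlines():
        toks = line.split()
        if not toks or not _OFFSET.match(toks[0]):
            continue                      # timestamp/summary lines
        if int(toks[0].rstrip(":"), 16) == 0:
            packets.append(bytearray())
        for tok in toks[1:9]:
            if not _WORD.match(tok):
                break
            packets[-1] += bytes.fromhex(tok)
    return [bytes(p) for p in packets]

def inet_checksum(data):
    """RFC 1071 one's-complement sum; 0 over a header whose checksum field is correct."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_tcp_options(raw):
    """Walk the option list; a bogus length raises instead of looping forever."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                     # end of option list
            break
        if kind == 1:                     # NOP padding
            opts.append("nop")
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option at offset %d" % i)
        length, body = raw[i + 1], raw[i + 2:i + raw[i + 1]]
        if kind == 2 and len(body) == 2:
            opts.append("mss %d" % struct.unpack("!H", body)[0])
        elif kind == 4 and not body:
            opts.append("sackOK")
        else:
            opts.append("opt-%d" % kind)
        i += length
    return opts

def decode_ipv4_tcp(pkt):
    """Fields tcpdump prints for an IPv4/TCP packet, with both checksums recomputed."""
    vihl, _, total_len, ident, frag, ttl, proto, _ = struct.unpack("!BBHHHBBH", pkt[:12])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or proto != 6 or not ihl + 20 <= total_len <= len(pkt):
        raise ValueError("not a complete IPv4/TCP packet")
    tcp = pkt[ihl:total_len]
    sport, dport, seq, ack, off_flags, win, _, _ = struct.unpack("!HHIIHHHH", tcp[:20])
    doff = (off_flags >> 12) * 4
    if not 20 <= doff <= len(tcp):
        raise ValueError("bad TCP data offset")
    # The TCP checksum also covers a pseudo-header: addresses, zero, protocol, TCP length.
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, proto, len(tcp))
    return {
        "src": ".".join(map(str, pkt[12:16])), "dst": ".".join(map(str, pkt[16:20])),
        "ttl": ttl, "id": ident, "df": bool(frag & 0x4000), "len": total_len,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "win": win,
        "flags": "".join(n for bit, n in _FLAGS if off_flags & bit) or "none",
        "options": parse_tcp_options(tcp[20:doff]), "payload": tcp[doff:],
        "ip_sum_ok": inet_checksum(pkt[:ihl]) == 0,
        "tcp_sum_ok": inet_checksum(pseudo + tcp) == 0,
    }

def summarize(p):
    """tcpdump-style one-liner (this example's own layout)."""
    return "%s.%d > %s.%d: %s seq %d win %d <%s> ttl %d id %d [tcp sum %s]" % (
        p["src"], p["sport"], p["dst"], p["dport"], p["flags"], p["seq"], p["win"],
        ",".join(p["options"]), p["ttl"], p["id"], "ok" if p["tcp_sum_ok"] else "BAD")

if __name__ == "__main__":
    for pkt in parse_hexdumps(CAPTURE):
        print(summarize(decode_ipv4_tcp(pkt)))
```

Run it and compare each printed line with tcpdump's: ports, sequence number, window, TTL and IP id fall straight out of the bytes, and the trailing option bytes 0204 05b4 0101 0402 decode to an MSS of 1460, two NOPs and SACK-permitted. Change any byte and tcp_sum_ok goes false, which is the quick way to tell a damaged capture from a real packet; the caveat is that on a host with checksum offload, locally captured outbound frames routinely show bad sums for that reason alone, so only trust the flag on traffic that actually crossed the wire, as these inbound SYNs did.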