Date:      Wed, 13 Aug 2003 22:33:04 -0400
From:      Mike Tancsa <mike@sentex.net>
To:        Dominiod <dominoid@dominoid.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: simple TCP data capture program
Message-ID:  <5.2.0.9.0.20030813222442.030474c8@192.168.0.12>
In-Reply-To: <1060827088.3f3aefd00b8f6@dominoid.org>

At 12:11 PM 8/14/2003 +1000, Dominiod wrote:
>Hi,
>
>Is there a simple tool in freebsd (in ports?) that allows you to see data 
>going to
>and from a particular port on your machine?

tcpdump works in real time

e.g.
telus-151front# tcpdump -n -c 2 -i fxp1 -Xx -s 1500 -vvv -e dst port 135
tcpdump: listening on fxp1
22:33:10.094691 0:a:f3:a5:c8:bc 0:d0:b7:27:55:43 0800 62: 
205.208.237.95.4971 > 205.211.165.222.135: S [tcp sum ok] 
649409298:649409298(0) win 8760 <mss 1460,nop,nop,sackOK> (DF) (ttl 113, id 
10944, len 48)
0x0000   4500 0030 2ac0 4000 7106 b025 cdd0 ed5f        E..0*.@.q..%..._
0x0010   cdd3 a5de 136b 0087 26b5 3312 0000 0000        .....k..&.3.....
0x0020   7002 2238 c44b 0000 0204 05b4 0101 0402        p."8.K..........
22:33:10.095728 0:a:f3:a5:c8:bc 0:d0:b7:27:55:43 0800 62: 
205.208.237.95.4974 > 205.211.165.225.135: S [tcp sum ok] 
649551298:649551298(0) win 8760 <mss 1460,nop,nop,sackOK> (DF) (ttl 112, id 
10947, len 48)
0x0000   4500 0030 2ac3 4000 7006 b11f cdd0 ed5f        E..0*.@.p......_
0x0010   cdd3 a5e1 136e 0087 26b7 5dc2 0000 0000        .....n..&.].....
0x0020   7002 2238 9993 0000 0204 05b4 0101 0402        p."8............
4658 packets received by filter
0 packets dropped by kernel
telus-151front#


Don't do DNS lookups of the IP addresses involved, capture 2 packets on 
fxp1, do it in hex and ascii, up to 1500 bytes, be very verbose, print link 
layer stuff and only for crap destined for port 135.

If you want something more point and click, try ethereal.

Also, ipfw can be handy as well.

ipfw add 10 count log tcp from any to any 135 setup in via fxp1

         ---Mike


--------------------------------------------------------------------
Mike Tancsa,                          	          tel +1 519 651 3400
Sentex Communications,     			  mike@sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada			  www.sentex.net/mike
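Added example (not part of Mike's reply and not a FreeBSD tool): a small Python script that reads the hex rows tcpdump prints with -x/-X (the `0x0000 ...` lines above) and decodes the IPv4 and TCP headers back into the one-line summary tcpdump shows, which is a useful way to confirm what a capture or a logged port-135 SYN actually contains when the ASCII column alone is unreadable. The sample bytes are the first packet from the quoted output; the hexdump layout (offset, hex column, ASCII column separated by runs of spaces), the field names and the option decoding are this example's own assumptions.

```python
import re
import struct

# Constructed sample input: the first packet from the tcpdump -Xx output
# quoted in the mail above (offset, 16 bytes of hex per row, ASCII column).
SAMPLE_DUMP = """\
0x0000   4500 0030 2ac0 4000 7106 b025 cdd0 ed5f        E..0*.@.q..%..._
0x0010   cdd3 a5de 136b 0087 26b5 3312 0000 0000        .....k..&.3.....
0x0020   7002 2238 c44b 0000 0204 05b4 0101 0402        p."8.K..........
"""

# TCP flag bits and the single-letter names tcpdump uses for them.
TCP_FLAGS = ((0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "."), (0x20, "U"))


def hexdump_to_bytes(dump: str) -> bytes:
    """Rebuild raw packet bytes from tcpdump -x / -X rows.

    Assumed row layout: '0xOFFSET   hhhh hhhh ...        ascii'. The hex column
    is separated from the offset and from the ASCII column by two or more
    spaces, so splitting on those runs isolates it. The offset of each row is
    checked against the number of bytes already collected.
    """
    out = bytearray()
    for raw in dump.splitlines():
        line = raw.strip()
        if not line.startswith("0x"):
            continue
        parts = re.split(r"\s{2,}", line)
        offset = int(parts[0], 16)
        if offset != len(out):
            raise ValueError(f"offset 0x{offset:04x} does not match {len(out)} bytes read")
        out.extend(bytes.fromhex(parts[1].replace(" ", "")))
    return bytes(out)


def tcp_flag_string(bits: int) -> str:
    """Render flag bits the way tcpdump does ('S' for SYN, '.' for ACK, ...)."""
    return "".join(name for bit, name in TCP_FLAGS if bits & bit) or "none"


def parse_tcp_options(opts: bytes) -> list:
    """Walk the TCP option bytes; only mss and sackOK are named, others are opt-N."""
    names, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # end of option list
            break
        if kind == 1:                      # nop is a single byte, no length field
            names.append("nop")
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated TCP option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad TCP option length")
        data = opts[i + 2:i + length]
        if kind == 2 and length == 4:
            names.append(f"mss {struct.unpack('!H', data)[0]}")
        elif kind == 4 and length == 2:
            names.append("sackOK")
        else:
            names.append(f"opt-{kind}")
        i += length
    return names


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Decode the IPv4 header and, when the protocol is 6, the TCP header after it."""
    if len(pkt) < 20:
        raise ValueError("packet shorter than an IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or total_len > len(pkt):
        raise ValueError("not a well-formed IPv4 packet")
    info = {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "proto": proto, "ttl": ttl, "id": ident, "len": total_len,
        "df": bool(flags_frag & 0x4000),   # Don't Fragment bit, shown as (DF)
    }
    if proto != 6:
        return info
    tcp = pkt[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("packet shorter than a TCP header")
    sport, dport, seq, ack, off_flags, win, _tcsum, _urg = struct.unpack("!HHIIHHHH", tcp[:20])
    data_off = (off_flags >> 12) * 4       # header length in bytes, options included
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    info.update({
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "win": win,
        "flags": tcp_flag_string(off_flags & 0x3F),
        "options": parse_tcp_options(tcp[20:data_off]),
        "payload_len": len(tcp) - data_off,
    })
    return info


def summarize(info: dict) -> str:
    """One line in the style of the tcpdump summary quoted above."""
    tail = f"(ttl {info['ttl']}, id {info['id']}, len {info['len']})"
    if info["proto"] != 6:
        return f"{info['src']} > {info['dst']}: proto {info['proto']} {tail}"
    end = info["seq"] + info["payload_len"]
    opts = ",".join(info["options"])
    return (f"{info['src']}.{info['sport']} > {info['dst']}.{info['dport']}: {info['flags']} "
            f"{info['seq']}:{end}({info['payload_len']}) win {info['win']} <{opts}>"
            f"{' (DF)' if info['df'] else ''} {tail}")


if __name__ == "__main__":
    print(summarize(parse_ipv4_tcp(hexdump_to_bytes(SAMPLE_DUMP))))
```

Run as-is it reprints the quoted packet's summary line from its hex bytes; feeding it the rows of a saved -x capture is the same call with a different string. The offset check in `hexdump_to_bytes` catches a row pasted out of order, and the length checks in the header parser reject truncated snaplen captures instead of reading garbage.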


