From owner-freebsd-questions  Thu Apr  6 14:47:41 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from photon.photon.com (unipod.photon.com [216.141.160.132])
	by hub.freebsd.org (Postfix) with ESMTP id EC8C337BC97
	for <freebsd-questions@FreeBSD.ORG>; Thu,  6 Apr 2000 14:47:36 -0700 (PDT)
	(envelope-from Matt@photon.com)
Received: from silversurfer.photon.com (silversurfer [192.203.79.220])
	by photon.photon.com (8.9.3/8.9.1) with ESMTP id OAA1904203;
	Thu, 6 Apr 2000 14:47:03 -0700 (PDT)
Received: by silversurfer.photon.com with Internet Mail Service (5.5.2650.21)
	id <2JMDNS3V>; Thu, 6 Apr 2000 14:57:16 -0700
Message-ID: <0565C6717839D3119BAC009027719565238EC5@silversurfer.photon.com>
From: Matt Wilbur <Matt@photon.com>
To: "'Jon Rust'" <jpr@vcnet.com>,
	"'freebsd-questions@FreeBSD.ORG'" <freebsd-questions@FreeBSD.ORG>
Subject: RE: tcpdump | tcpshow, and buffering
Date: Thu, 6 Apr 2000 14:57:08 -0700 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain;
	charset="iso-8859-1"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi Jon,

Use the -l option to tcpdump to make it line buffered...

I like tcpdump -lenx host foo.bar.com and port 53 | tcpshow -cooked ...

Hope this helps
-Matt

> 
> I've been trying to use tcpdump and tcpshow to snoop my network on 
> occassion. Mostly to watch what lusers are doing when they can't get 
> into our mail server (wrong pass, username, etc). The command line is:
> 
>    tcpdump -enxs 1508 host blah.blah.com and port 110 | 
> tcpshow -cooked


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message