Date: Tue, 22 Jul 1997 19:27:20 -0400 (EDT) From: Matthew Hunt <mph@pobox.com> To: Bill Fenner <fenner@parc.xerox.com> Cc: questions@freebsd.org Subject: Re: tcptrace Message-ID: <199707222327.TAA14949@townhouse.dyn.ml.org> In-Reply-To: <97Jul16.151201pdt.177512@crevenia.parc.xerox.com> References: <19970716163317.50509@astro.psu.edu> <97Jul16.151201pdt.177512@crevenia.parc.xerox.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Bill Fenner <fenner@parc.xerox.com> wrote:
> Actually, there's a new version of tcptrace released today. I have a port
> that works on 2.2.2, I just have to verify that it works on 3.0 and I'll
> commit the updated one.
I just got around to playing with it, and it seems that the problem we
discussed previously depends on the type of interface that tcpdump
listens to. The program likes Ethernet dumps, but not (kernel) PPP
dumps. I haven't tried any other interfaces.
townhouse:~$ tcpdump -i ed1 -w ed1.trace
tcpdump: listening on ed1
^C
2 packets received by filter
0 packets dropped by kernel
townhouse:~$ tcptrace ed1.trace
1 args remaining, starting with 'ed1.trace'
Ostermann's tcptrace -- version 4.0.2 -- Wed Jul 16, 1997
Running file 'ed1.trace'
2 packets seen, 2 TCP packets traced
*** 1 packets were too short to process at some point
(use -w option to show details)
1: charon.townhouse.org:1650 - skellar.townhouse.org:23 (a2b) 1> 1< (reset)
townhouse:~$ tcpdump -i ppp0 -w ppp0.trace
tcpdump: listening on ppp0
^C
30 packets received by filter
0 packets dropped by kernel
townhouse:~$ tcptrace ppp0.trace
1 args remaining, starting with 'ppp0.trace'
Ostermann's tcptrace -- version 4.0.2 -- Wed Jul 16, 1997
Running file 'ppp0.trace'
Don't understand packet format (9)
--
Matthew Hunt <mph@pobox.com> * Think locally, act globally.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199707222327.TAA14949>