Date:      Wed, 17 Jan 1996 10:11:52 -0800 (PST)
From:      Julian Elischer <julian@ref.tfs.com>
To:        philw@megasoft.tic.ab.ca (Phillip White)
Cc:        msmith@atrad.adelaide.edu.au, freebsd-questions@freebsd.org
Subject:   Re: ethernet packet sniffer.
Message-ID:  <199601171811.KAA27635@ref.tfs.com>
In-Reply-To: <Pine.BSF.3.91.960117030452.14808A-100000@megasoft.tic.ab.ca> from "Phillip White" at Jan 17, 96 03:16:59 am

> 
> 
> I've tried this and it does not show everything.
No, if you set it right it shows the entire packet..
Sounds like what you want is to show ONLY the data..
If so, why not just add that option to tcpdump..?
Can't be that difficult.. (Use the source, Luke)
Failing that, I'll bet you can pipe the output of tcpdump through awk
and cut off the bits you don't want..



> On Solaris I can 
> actually watch the data being received from the news pull to INN, meaning 
> if I was fast enough (impossible) I could read the news as it comes 
> through the feed.  The same with people logging into our Livingston 
> portmaster, I can see that they are messing around with commands that 
> they have no access to because I can see that they are attempting passwd 
> hacks because I can see the passwds they are entering at the password: 
> prompt (normally not seen any other way) or that they are entering enable 
> commands etc. that they have no right to access.  There is no watch 
> command for this, hence the need for a Solaris-type "snoop" so I can sit 
> here and analyze the data to a specific host and in raw format.
> I'm not professed at analyzing TCP packets so if there is a particular 
> byte range to be watching so you see raw data receive (as said with being 
> able to see the data received in newsgroups) and can it be specified to 
> "tcpdump".  I hope I am being clear? :-)  I may be doing something wrong?
> All I did with Solaris was (I believe) "snoop hostname" then it would say 
> "promiscuous mode" then off we go...
> Phil...
> 
> 
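
Added example, not part of the original message or of tcpdump itself: a shell function that post-processes `tcpdump -x` hex output with awk, as the reply suggests, and uses the IP header-length, IP total-length and TCP data-offset fields to find the byte range that holds the data. The function names and the sample capture are constructed for illustration.

```shell
# Added example: keep only the TCP payload from `tcpdump -x` hex dumps.
payload_only() {
  awk '
  function hex(s,   i, n) {              # hex string -> number (portable awk)
    for (i = 1; i <= length(s); i++)
      n = n * 16 + index("0123456789abcdef", tolower(substr(s, i, 1))) - 1
    return n + 0
  }
  function flush(   ihl, doff, stop, i, b, out) {
    if (bytes != "" && hex(substr(bytes, 19, 2)) == 6) {   # IP protocol 6 = TCP
      ihl  = hex(substr(bytes, 2, 1)) * 4                  # IP header length
      doff = hex(substr(bytes, ihl * 2 + 25, 1)) * 4       # TCP header length
      stop = hex(substr(bytes, 5, 4)) * 2                  # IP total length
      if (stop > length(bytes)) stop = length(bytes)       # capture was truncated
      if (ihl >= 20 && doff >= 20)
        for (i = (ihl + doff) * 2 + 1; i < stop; i += 2) {
          b = hex(substr(bytes, i, 2))
          out = out ((b >= 32 && b < 127) ? sprintf("%c", b) : ".")
        }
      if (out != "") print out
    }
    bytes = ""
  }
  /^[ \t]+0x[0-9a-f]+:/ {                # hex line: append its hex words
    for (i = 2; i <= NF; i++) if ($i ~ /^[0-9a-fA-F]+$/) bytes = bytes $i
    next
  }
  { flush() }                            # header line: previous packet is done
  END { flush() }
  '
}

# Constructed sample: one NNTP data segment, then a bare ACK padded to the
# Ethernet minimum (the padding must not be shown as payload).
sample_capture() {
  cat <<'EOF'
10:11:52.000001 IP 10.0.0.5.1025 > 10.0.0.9.119: Flags [P.], length 12
        0x0000:  4500 0034 0001 4000 4006 0000 0a00 0005
        0x0010:  0a00 0009 0401 0077 0000 0001 0000 0001
        0x0020:  5018 0200 0000 0000 4152 5449 434c 4520
        0x0030:  3432 0d0a
10:11:52.000200 IP 10.0.0.9.119 > 10.0.0.5.1025: Flags [.], length 0
        0x0000:  4500 0028 0002 4000 4006 0000 0a00 0009
        0x0010:  0a00 0005 0077 0401 0000 0001 0000 000d
        0x0020:  5010 0200 0000 0000 0000 0000 0000
EOF
}
sample_capture | payload_only
```

On a live interface the function reads tcpdump's output directly, for example `tcpdump -n -x -s 1500 tcp and host HOST | payload_only`, where HOST is a placeholder and `-s` raises the snapshot length so packets are not truncated.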



