Date: Sat, 28 Mar 2015 15:40:17 -0400
From: Michael Powell <nightrecon@hotmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: ipfw question
Message-ID: <mf7034$994$1@ger.gmane.org>
References: <55122B21.60905@hiwaay.net> <55162284.6040806@hiwaay.net> <D4C3522A-97EE-4D35-9AF1-D122BC6D9165@gmail.com> <5516BB73.7010108@hiwaay.net> <26D37EC0-1C91-4009-A5C6-7B40CDE4099B@gmail.com> <5516BF68.9040806@hiwaay.net> <3782D86A-E280-4C01-B492-D1982D372808@gmail.com> <5516C210.6090806@hiwaay.net> <07C9255C-5CDA-4C96-A227-EB28FC836BF5@gmail.com> <5516C8CB.4050505@hiwaay.net>
William A. Mahaffey III wrote:
[snip]
>>>
>>> "The M1 Garand is without doubt the finest implement of war
>>> ever devised by man."
>>> -- Gen. George S. Patton Jr.

And, oddly enough after many, many years mine still works fine.

>> Wireshark is pretty but requires X11. It also does a better job of making
>> the output understandable.
>>
>> tcpdump should be included in the base system and is text so works
>> without a GUI. You used to be able to take a tcpdump output file and feed
>> it to Wireshark for viewing.
[snip]
>
> Very well, I have wireshark already installed (this is a desktop box),
> I'll poke around & see what I find. Thanks :-).
>

tcpdump can save output in a file which Wireshark can import and read. Both have filtering capabilities, so you can use tcpdump to capture everything and use Wireshark to winnow out of the spew what you find interesting. Or, if you already know pretty much which traffic you want to see it's often easier and quicker (come time to view in Wireshark) to do some basic filtering with tcpdump's myriad command line switches first. I do this on interfaces of remote machines which are servers and have no X, copying the file to the desktop with Wireshark. This can improve signal-to-noise ratio. The same information is present, but Wireshark is just better presentation-wise and can perform some analysis that tcpdump can not.

-Mike
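The workflow described in the message above, sketched as an added example that is not part of the original e-mail: pre-filter with tcpdump on a server without X, copy the savefile to the desktop, and check it before opening it in Wireshark. The host, interface, admin IP and file paths are placeholders (assumptions), and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: capture on a headless server, review on a desktop.
# HOST, IFACE, ADMIN_IP and the file paths are placeholders (assumptions).

# Build a BPF pre-filter that keeps the traffic of interest but drops the
# SSH session used to run the capture, so it does not swamp the file.
build_filter() {
    want=$1 admin_ip=$2
    printf '(%s) and not (host %s and tcp port 22)' "$want" "$admin_ip"
}

# Run tcpdump on the server (it normally needs root there).
# -w writes raw packets to a savefile, the form Wireshark opens;
# -s 0 keeps whole packets; -n skips name lookups;
# -c stops after a fixed number of packets so the file stays bounded.
capture_remote() {
    host=$1 iface=$2 count=$3 filter=$4 out=$5
    ssh "$host" "tcpdump -n -i $iface -s 0 -c $count -w $out '$filter'"
}

# Copy the capture file from the server to the desktop.
fetch_capture() {
    scp "$1:$2" "$3"
}

# Quick text check of the savefile before opening it in Wireshark.
# -r reads a saved file; any further arguments narrow it with another filter.
peek_capture() {
    file=$1; shift
    tcpdump -n -r "$file" "$@"
}

# Run the whole workflow only when called with four arguments:
#   sh capture.sh HOST IFACE ADMIN_IP 'tcp port 80'
if [ "$#" -eq 4 ]; then
    f=$(build_filter "$4" "$3")
    capture_remote "$1" "$2" 1000 "$f" /tmp/trace.pcap
    fetch_capture "$1" /tmp/trace.pcap ./trace.pcap
    peek_capture ./trace.pcap | head -n 20
    echo "now open ./trace.pcap in Wireshark (wireshark -r ./trace.pcap)"
fi
```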