>>I want to watch traffic going out over a particular port - for
>>debugging purposes. I got tcpdump and took a look. I think I
>>understand and I don't like what I see.
>>Seems like I have to either 1) destroy my current network card
>>configuration in the interest of tcpdump or 2) add a network card and
>>totally turn it over to tcpdump.
Correct. I use a 2nd ethernet card with tcpdump on OSR5.
>I use the 'ipmon' facility that is part of the ipfilter package. It works just
>fine as long as what you want to watch is traffic into and out of the machine
>you're running it on. The only time I use tcpdump is when I need to watch
>traffic on the network that *isn't* to/from the machine I'm using for
>monitoring. I think it's both a TLS and included in 5.0.6.
Monitoring and capturing data can be done various ways. All of them
basically work. Analyzing the resultant capture is the hard part. My
magic decoder ring used to be sufficient, but protocols seem to grow on
trees these days. Today, I use Ethereal:
to decode the capture. It does a great job of playing mini-Carnivore and
reassembling packet streams into readable text.
Various packet sniffer packages:
Packet sniffer and network wiretap FAQ
150 Felker St #D Santa Cruz CA 95060
831-421-6491 pager 831-429-1240 fax
http://www.cruzio.com/~jeffl/sco/ SCO stuff
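The hard part the post describes, turning a raw capture into readable stream text, is what a decoder like Ethereal does for you: it sorts TCP segments by sequence number, drops retransmitted bytes and notices gaps. The following is an added example (not code from this thread, from tcpdump or from Ethereal) that does the same in plain Python for one port. It assumes a classic pcap file with Ethernet framing and IPv4; the capture it analyses is constructed inline with `build_frame`/`build_pcap` so it runs offline, including an out-of-order segment, a duplicate retransmission and traffic on another port that must be ignored.

```python
"""Reassemble TCP payload streams for one port out of a pcap file.
Added example; not from the original thread. Standard library only."""
import struct
from collections import defaultdict

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def build_frame(src, dst, seq, payload):
    """Constructed Ethernet/IPv4/TCP frame; src/dst are (ip, port) tuples.
    Checksums are left zero: the parser below never validates them."""
    ip4 = lambda s: bytes(int(x) for x in s.split("."))
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, PROTO_TCP, 0,
                     ip4(src[0]), ip4(dst[0]))
    return eth + ip + tcp


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap (linktype 1 = Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, f in enumerate(frames):
        out.append(struct.pack("<IIII", i, 0, len(f), len(f)) + f)
    return b"".join(out)


def iter_frames(pcap):
    """Yield raw frames from pcap bytes, honouring the magic-number byte order."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return (src, sport, dst, dport, seq, payload), or None if not IPv4/TCP."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != PROTO_TCP or len(ip) < ihl + 20:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    doff = (tcp[12] >> 4) * 4
    return src, sport, dst, dport, seq, tcp[doff:]


def reassemble_port(pcap, port):
    """Rebuild each unidirectional stream touching `port`: order segments by
    sequence number, trim retransmitted/overlapping bytes, mark missing bytes."""
    segments = defaultdict(dict)                  # flow -> {seq: payload}
    for frame in iter_frames(pcap):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, sport, dst, dport, seq, payload = parsed
        if port not in (sport, dport) or not payload:
            continue
        segments[(src, sport, dst, dport)].setdefault(seq, payload)  # keep first copy
    streams = {}
    for flow, segs in segments.items():
        expected, chunks = None, []
        for seq in sorted(segs):
            data, end = segs[seq], seq + len(segs[seq])
            if expected is not None and seq > expected:       # hole in the capture
                chunks.append(f"[gap: {seq - expected} bytes]")
            elif expected is not None and seq < expected:     # overlap: drop old bytes
                data = data[expected - seq:]
            chunks.append(data.decode("latin-1"))
            expected = end if expected is None else max(expected, end)
        streams[flow] = "".join(chunks)
    return streams


# Constructed sample capture: a request split over three segments (one arrives
# early, one is retransmitted), the reply, and unrelated traffic on port 25.
CLIENT, SERVER = ("10.0.0.1", 40000), ("10.0.0.2", 80)
SAMPLE_PCAP = build_pcap([
    build_frame(CLIENT, SERVER, 1036, b"\r\n"),
    build_frame(CLIENT, SERVER, 1000, b"GET / HTTP/1.0\r\n"),
    build_frame(CLIENT, SERVER, 1000, b"GET / HTTP/1.0\r\n"),
    build_frame(CLIENT, SERVER, 1016, b"Host: example.test\r\n"),
    build_frame(SERVER, CLIENT, 5000, b"HTTP/1.0 200 OK\r\n"),
    build_frame(("10.0.0.1", 40001), ("10.0.0.3", 25), 1, b"EHLO x\r\n"),
])

if __name__ == "__main__":
    for flow, text in reassemble_port(SAMPLE_PCAP, 80).items():
        print("%s:%d -> %s:%d" % flow, repr(text))
```

To run it against a real file, replace `SAMPLE_PCAP` with the bytes of a capture written by `tcpdump -w` on an Ethernet interface; VLAN tags, IPv6 and TCP options in the IP header are not handled beyond what the header-length fields give you, which is exactly the kind of detail a full decoder exists to get right.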