[ale] TCPDUMP and its alternatives?

Jason Day jasonday at worldnet.att.net
Tue Jun 20 10:45:09 EDT 2006


On Mon, Jun 19, 2006 at 08:38:20PM -0400, Michael B. Trausch wrote:
> Certainly wasn't the tool that I had previously used.  I am trying to see if 
> this will do what I am looking for -- I just want the IP:Port-->IP:Port 
> Data parts of the packet, and Ethereal seems to just give all the packets.  

Ethereal has a really handy feature to show just the text portion of the
traffic.  Just right-click on a packet in the conversation and select
"Follow TCP stream".  Great for debugging HTTP sessions.

> Also, I can't seem to save the output on the system - it tells me that I 
> don't have the rights (as root!)

That sounds like a bug.  I've never had a problem saving the output from
ethereal.

Another advantage of Ethereal is that it can read files created with
tcpdump, which is useful if you need to collect the data on a headless
server.
-- 
Jason Day                                       jasonday at
http://jasonday.home.att.net                    worldnet dot att dot net
 
"Of course I'm paranoid, everyone is trying to kill me."
    -- Weyoun-6, Star Trek: Deep Space 9
