[PLUG] Deciphering ethereal capture

Russell Senior seniorr at aracnet.com
Wed Jun 26 00:30:27 UTC 2002


>>>>> "Rich" == Rich Shepard <rshepard at appl-ecosys.com> writes:

Rich>   I'm trying to find out why ncftp (and ftp) have stopped
Rich> working properly.  To this end I installed ethereal and captured
Rich> the packets as I used ncftp to log into an ftp server down in
Rich> Salem. Now I need help in interpreting the output.

The last time you asked this question, I replied:

   Rich>   Since you asked, the gzipped dump.log is attached (it's 73.2K
   Rich> naked). I cannot interpret it, but someone more guru than I can,
   Rich> I'm sure.

   That wasn't an optimal format for analysis.  Try:

     tcpdump -i eth0 -s 1500 -w /tmp/dump.log

   instead.  Or even:

     tcpdump host ftp.sscgis.state.or.us -s 1500 -w /tmp/dump.log

   That'll provide something that can be loaded into ethereal and
   analyzed.

Notice that the second tcpdump command restricts what it listens for
to the host involved.  Why don't you collect a session and plunk the
collected file (/tmp/dump.log) somewhere people can get to and post a
URL and maybe some bored/interested person will take a look for you.

Run it from as far upstream as you can get (i.e., on your firewall if
possible).

-- 
Russell Senior         ``The two chiefs turned to each other.        
seniorr at aracnet.com      Bellison uncorked a flood of horrible       
                         profanity, which, translated meant, `This is
                         extremely unusual.' ''                      
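
A file written with `tcpdump -w`, as suggested in the message above, is a libpcap capture. The following is an added example, not part of the original message: it reads such a file and lists the FTP control-channel lines on port 21, and counts frames cut short by the `-s` snap length. The sample capture is constructed inline, the function names are illustrative, and the code assumes the classic pcap format, Ethernet link type and IPv4.

```python
import struct

def build_sample_pcap():
    """Constructed two-packet capture (sample data, not from the thread)."""
    def frame(src, dst, sport, dport, payload):
        eth = b"\x00" * 12 + b"\x08\x00"                       # MACs zeroed, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload),
                         0, 0, 64, 6, 0, src, dst)             # checksum left 0
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
        return eth + ip + tcp + payload
    client, server = bytes([10, 0, 0, 2]), bytes([10, 0, 0, 9])
    frames = [frame(client, server, 40000, 21, b"USER anonymous\r\n"),
              frame(server, client, 21, 40000, b"331 Password required\r\n")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1500, 1)  # snaplen 1500, Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def ftp_control_lines(pcap):
    """Return ([(direction, text), ...], truncated_count) for TCP port 21 payloads."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic libpcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled here")
    lines, truncated, off = [], 0, 24
    while off + 16 <= len(pcap):
        _sec, _usec, incl, orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        pkt = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        truncated += incl < orig                  # snaplen (-s) cut this frame short
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                              # not IPv4/TCP
        tcp = 14 + (pkt[14] & 0x0F) * 4           # skip Ethernet + IP header
        if len(pkt) < tcp + 20:
            continue
        sport, dport = struct.unpack("!HH", pkt[tcp:tcp + 4])
        start = tcp + (pkt[tcp + 12] >> 4) * 4    # skip TCP header and options
        ip_end = 14 + struct.unpack("!H", pkt[16:18])[0]
        payload = pkt[start:ip_end]
        if 21 in (sport, dport) and payload:
            direction = "client->server" if dport == 21 else "server->client"
            lines.append((direction, payload.decode("ascii", "replace").strip()))
    return lines, truncated

if __name__ == "__main__":
    for direction, text in ftp_control_lines(build_sample_pcap())[0]:
        print(direction, text)
```

To use it on a real capture, pass the contents of the file (for example /tmp/dump.log) read in binary mode to `ftp_control_lines`.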
