[PLUG] Deciphering ethereal capture

Rich Shepard rshepard at appl-ecosys.com
Wed Jun 26 00:39:07 UTC 2002


On 25 Jun 2002, Russell Senior wrote:

>    That wasn't an optimal format for analysis.  Try:
> 
>      tcpdump -i eth0  -s 1500 -w /tmp/dump.log
> 
>    instead.  Or even:
> 
>      tcpdump host ftp.sscgis.state.or.us -s 1500 -w /tmp/dump.log
> 
>    That'll provide something that can be loaded into ethereal and
>    analyzed.

Russell,

  I ran the ftp session after starting ethereal. Will running tcpdump first,
then loading that into ethereal provide different results than ethereal
provides directly? I'm trying to understand, not denying what you wrote
before.

  The last time, I used tcpdump with raw output. Now I've installed
ethereal and let it capture the packets directly. There are some CUPS udp
entries at the beginning and end of the file, with the tcp packets for the
ftp session taking up the rest of the data, as far as I can tell.

Rich
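A small reader for the file that `tcpdump -s 1500 -w` writes, added here as an illustration and not part of this thread: it parses the libpcap header and records (assuming Ethernet frames, as a capture on eth0 produces), tallies frames per transport and destination port so the CUPS UDP traffic (port 631) and the FTP control session (TCP port 21) can be told apart, and flags any frame the snaplen cut short. The packets are constructed in the code, not captured.

```python
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution libpcap, as written by tcpdump -w
LINKTYPE_ETHERNET = 1            # link type of a capture taken on eth0

# Constructed sample frames (not from the thread): zero MACs, RFC 1918 addresses.
def _eth_ipv4(proto, payload):
    eth = b"\x00" * 12 + b"\x08\x00"                         # dst/src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + payload

def udp_packet(dport):
    return _eth_ipv4(17, struct.pack("!HHHH", 40000, dport, 8, 0))

def tcp_packet(dport, payload=b""):
    hdr = struct.pack("!HHIIBBHHH", 40001, dport, 0, 0, 0x50, 2, 8192, 0, 0)  # SYN
    return _eth_ipv4(6, hdr + payload)

def build_pcap(packets, snaplen=1500):
    """Emit a libpcap file like `tcpdump -s <snaplen> -w` does; longer frames are cut."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, pkt in enumerate(packets):
        captured = pkt[:snaplen]
        out += struct.pack("<IIII", 1_000_000_000 + i, 0, len(captured), len(pkt)) + captured
    return out

def summarize_pcap(data):
    """Count frames per transport/destination port and note frames the snaplen truncated."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    if struct.unpack(endian + "I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a libpcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected Ethernet frames, got linktype %d" % linktype)
    counts, off = Counter(), 24
    while off + 16 <= len(data):                             # per-record header: ts, ts, incl, orig
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if incl_len < orig_len:
            counts["truncated"] += 1
        if frame[12:14] != b"\x08\x00":                      # not IPv4 (e.g. ARP)
            counts["non-ip"] += 1
            continue
        proto, t = frame[14 + 9], 14 + (frame[14] & 0x0F) * 4   # IP protocol, transport offset
        if proto in (6, 17) and len(frame) >= t + 4:
            dport = struct.unpack("!H", frame[t + 2:t + 4])[0]
            counts["%s/%d" % ("tcp" if proto == 6 else "udp", dport)] += 1
        else:
            counts["ip-proto-%d" % proto] += 1
    return counts
```

Running `summarize_pcap` over a real `/tmp/dump.log` gives the same kind of breakdown Ethereal's protocol view does, and a non-zero `truncated` count means the snaplen was too small for full-packet analysis.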
