[PLUG] (M$) CommView-like setup for console

Zot O'Connor zot at whiteknighthackers.com
Tue Apr 27 07:40:03 UTC 2004


On Mon, 2004-04-26 at 19:10, Roderick A. Anderson wrote:
> I would like to monitor some _strange_ traffic I'm (not) seeing and 
> according to the Tech Manager the only thing (he's a Windows guy) that 
> he's found that will see this is CommView.  And rather than install this 
> Windows software on a machine and take it to the NOC I'd like to get the 
> same functionality out of an OS solution but it has to run console.
> 
> The CommView software (GUI) looks a lot like some of the output I
> associate with Ethereal and friends.  I don't have nearly enough
> experience with networks so I'm open to suggestions.


Just run ethereal for 20 minutes on any network.

It should be real easy to understand.

The trick is filters.  The capture filters use the tcpdump language
(host www.cnn.com and not port 22), whereas the display filters use the
display-filter language (roughly ip.addr == 212.212.212.212 and tcp.port
!= 22).  Use the GUI to build the display filters.

Make great use of sorting by clicking columns, and of display filters on
IP, port and protocol.

Always set it to update and scroll on update when you capture.  You can
turn these off live, but sometimes you cannot turn them on.

Also, if your capture file is huge, you can pre-filter with the tcpdump
lingo on load: "ethereal -r file host www.cnn.com".  This can save lots
of memory.

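The two filter languages in the reply above are easy to mix up, and they are not quite interchangeable. The following is an added example, not code from the post or from Ethereal: it writes a small pcap of constructed frames (the host 212.212.212.212, the file name and the port numbers are assumptions chosen to match the post's expressions), then evaluates the capture filter "host X and not port 22" and the display filter "ip.addr == X and tcp.port != 22" over it. It also models the Ethereal-era meaning of "!=" on a field that occurs more than once per packet (tcp.port carries both the source and destination port): "tcp.port != 22" matched when any occurrence differed from 22, so a packet on ports 40002 and 22 still passed, while a UDP packet, which has no tcp.port at all, did not. The form "!(tcp.port == 22)" gives the same result as the BPF filter. (Wireshark 3.6 changed "!=" to mean "all not equal", so on a current build the posted form behaves like the fixed one.)

```python
import struct

TARGET = "212.212.212.212"          # assumed host; stands in for www.cnn.com in the post
PCAP_PATH = "constructed.pcap"      # written by this script; constructed data only


def _ip(dotted):
    return bytes(int(o) for o in dotted.split("."))


def build_frame(src, dst, proto, sport, dport):
    """Ethernet + IPv4 + TCP(6)/UDP(17) header, no payload, checksums left zero."""
    eth = bytes(12) + b"\x08\x00"
    if proto == 6:   # 20-byte TCP header with SYN set
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    else:            # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     _ip(src), _ip(dst))
    return eth + ip + l4


# Constructed traffic: the host of interest on TCP/80, TCP/22 and UDP/53, plus unrelated noise.
FRAMES = [
    build_frame("10.0.0.5", TARGET, 6, 40001, 80),
    build_frame(TARGET, "10.0.0.5", 6, 80, 40001),
    build_frame("10.0.0.5", TARGET, 6, 40002, 22),
    build_frame("10.0.0.5", TARGET, 17, 40003, 53),
    build_frame("10.0.0.5", "10.0.0.9", 6, 40004, 80),
]


def write_pcap(path, frames):
    """Classic little-endian pcap, linktype 1 (Ethernet), readable by tcpdump and ethereal."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for i, fr in enumerate(frames):
            f.write(struct.pack("<IIII", 1083050000 + i, 0, len(fr), len(fr)) + fr)


def read_pcap(path):
    """Yield each frame; the 16-byte record header carries the captured length at offset 8."""
    with open(path, "rb") as f:
        f.read(24)                                   # global header
        while len(hdr := f.read(16)) == 16:
            yield f.read(struct.unpack("<IIII", hdr)[2])


def fields(frame):
    """Decode only what the filters need; keys mirror Ethereal's display-filter field names."""
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    f = {"ip.addr": {".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34]))}}
    f["tcp.port" if proto == 6 else "udp.port"] = {sport, dport}
    return f


# Capture side, tcpdump/BPF: "host TARGET and not port 22" ("port" covers TCP and UDP).
def capture_filter(frame):
    f = fields(frame)
    ports = f.get("tcp.port", set()) | f.get("udp.port", set())
    return TARGET in f["ip.addr"] and 22 not in ports


# Display side, Ethereal-era semantics: "tcp.port != 22" is true if ANY tcp.port occurrence
# differs from 22, and false when the packet has no tcp.port field at all (UDP).
def display_filter_as_posted(frame):          # ip.addr == TARGET and tcp.port != 22
    f = fields(frame)
    return TARGET in f["ip.addr"] and any(p != 22 for p in f.get("tcp.port", ()))


def display_filter_fixed(frame):              # ip.addr == TARGET and !(tcp.port == 22)
    f = fields(frame)
    return TARGET in f["ip.addr"] and 22 not in f.get("tcp.port", ())


def matching(frames, pred):
    return [i for i, fr in enumerate(frames) if pred(fr)]


def demo(path=PCAP_PATH):
    write_pcap(path, FRAMES)
    stored = list(read_pcap(path))                  # what "ethereal -r file" keeps with no pre-filter
    prefiltered = [fr for fr in read_pcap(path) if capture_filter(fr)]  # dropped before being kept
    return {
        "stored": len(stored),
        "prefiltered": len(prefiltered),
        "capture": matching(stored, capture_filter),
        "display_as_posted": matching(stored, display_filter_as_posted),
        "display_fixed": matching(stored, display_filter_fixed),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The file it writes can be checked against the real tools: "tcpdump -n -r constructed.pcap 'host 212.212.212.212 and not port 22'" should list frames 1, 2 and 4, and "tethereal -r constructed.pcap -R 'ip.addr == 212.212.212.212 and !(tcp.port == 22)'" the same three. Pre-filtering on read keeps three frames instead of five, which is the memory saving the reply is talking about.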