Re: sniffer software
- To: AINA ALAIN PATRICK <aalain@ecowasmail.net>
- Subject: Re: sniffer software
- From: Alan Barrett <apb@cequrux.com>
- Date: Thu, 11 Jan 2001 07:04:18 -0800
- cc: tcpws@psg.com
- Delivery-date: Fri, 12 Jan 2001 04:25:40 -0800
- Envelope-to: tcpws-data@psg.com
On Wed, 10 Jan 2001, AINA ALAIN PATRICK wrote:
> > Have you tried tcpdump?
> >
> > # tcpdump -i xl0 -n not tcp
> > 17:13:32.204298 192.0.2.46 > 192.0.2.45: AH(spi=385225147,seq=0xacc7): ESP(spi=202834639,seq=0xacc7) (DF)
> > 17:13:32.213895 192.0.2.45 > 192.0.2.46: AH(spi=435817222,seq=0xbffb): ESP(spi=278536727,seq=0xbffb) (DF)
> > 17:13:32.216322 192.0.2.45 > 192.0.2.46: AH(spi=435817222,seq=0xbffc): ESP(spi=278536727,seq=0xbffc) (DF) [tos 0x84]
>
> I forgot to add one more asciiable than tcpdump

If you want to see packet dumps in hex and ascii, then use the "-x" and
"-X" flags that appear in recent versions of tcpdump from tcpdump.org.
I often use a command like this:

    tcpdump -i <interface> -s 2000 -lnvvxX <filter-expression>

If you want something with a GUI interface, try ethereal. I think that
the latest version knows about ESP and AH.

--apb (Alan Barrett)