Re: sniffer software



On Wed, 10 Jan 2001, AINA ALAIN PATRICK wrote:
> > Have you tried tcpdump?
> > 
> > # tcpdump -i xl0 -n not tcp
> > 17:13:32.204298 192.0.2.46 > 192.0.2.45: AH(spi=385225147,seq=0xacc7): ESP(spi=202834639,seq=0xacc7) (DF)
> > 17:13:32.213895 192.0.2.45 > 192.0.2.46: AH(spi=435817222,seq=0xbffb): ESP(spi=278536727,seq=0xbffb) (DF)
> > 17:13:32.216322 192.0.2.45 > 192.0.2.46: AH(spi=435817222,seq=0xbffc): ESP(spi=278536727,seq=0xbffc) (DF) [tos 0x84] 
> 
>  I forgot to add one more asciiable than tcpdump

If you want to see packet dumps in hex and ascii, then use the "-x" and
"-X" flags that appear in recent versions of tcpdump from tcpdump.org.
I often use a command like this:

	tcpdump -i <interface> -s 2000 -lnvvxX <filter-expression>

If you want something with a GUI interface, try ethereal.  I think that
the latest version knows about ESP and AH.

--apb (Alan Barrett)