[ale] TCPDUMP and its alternatives?

Jerry Yu jjj863 at gmail.com
Tue Jun 20 11:15:41 EDT 2006


Thanks, Jason. 'Follow TCP stream' is great! I have been using ethereal
for years w/o it.
I thought that training my eyes to read hex dumps was a must, just like
reading off the Matrix...

On 6/20/06, Jason Day <jasonday at worldnet.att.net> wrote:
> On Mon, Jun 19, 2006 at 08:38:20PM -0400, Michael B. Trausch wrote:
> > Certainly wasn't the tool that I had previously used.  I am trying to see if
> > this will do what I am looking for -- I just want the IP:Port-->IP:Port
> > Data parts of the packet, and Ethereal seems to just give all the packets.
>
> Ethereal has a really handy feature to show just the text portion of the
> traffic.  Just right-click on a packet in the conversation and select
> "Follow TCP stream".  Great for debugging HTTP sessions.
>
> > Also, I can't seem to save the output on the system - it tells me that I
> > don't have the rights (as root!)
>
> That sounds like a bug.  I've never had a problem saving the output from
> ethereal.
>
> Another advantage of ethereal is that it can read files created with
> tcpdump, which is useful if you need to collect the data on a headless
> server.
> --
> Jason Day                                       jasonday at
> http://jasonday.home.att.net                    worldnet dot att dot net
>
> "Of course I'm paranoid, everyone is trying to kill me."
>     -- Weyoun-6, Star Trek: Deep Space 9
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
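
The following Python example is added here and is not from the thread or from Ethereal's or tcpdump's code: it reads a classic libpcap file, such as one written by `tcpdump -w`, and returns just the IP:Port --> IP:Port payload for each TCP direction, which is what "Follow TCP stream" displays. The function names and the embedded sample capture are constructed for illustration; it assumes Ethernet/IPv4 frames and ignores sequence-number wraparound.

```python
import socket
import struct

def follow_streams(pcap):
    """Map (src, sport, dst, dport) -> TCP payload bytes, ordered by sequence number."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic libpcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"  # byte order of the capturing host
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    segments, off = {}, 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep IPv4/TCP only
        ip = frame[14:]
        tcp = ip[(ip[0] & 0x0F) * 4:struct.unpack("!H", ip[2:4])[0]]
        if len(tcp) < 20:
            continue
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        data = tcp[(tcp[12] >> 4) * 4:]
        if data:  # skip bare SYN/ACK/FIN segments
            key = (socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport)
            segments.setdefault(key, {})[seq] = data  # a retransmit overwrites
    # Simplification: sorts by raw sequence number, ignoring 32-bit wraparound.
    return {k: b"".join(v[s] for s in sorted(v)) for k, v in segments.items()}

def _pkt(src, sport, dst, dport, seq, data):
    """Build one constructed pcap record: Ethernet + IPv4 + TCP (checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + tcp
    frame = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed sample capture; the two request segments are stored out of order.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _pkt("10.0.0.5", 40000, "10.0.0.9", 80, 1016, b"Host: example.test\r\n\r\n"),
    _pkt("10.0.0.5", 40000, "10.0.0.9", 80, 1000, b"GET / HTTP/1.0\r\n"),
    _pkt("10.0.0.9", 80, "10.0.0.5", 40000, 5000, b""),
    _pkt("10.0.0.9", 80, "10.0.0.5", 40000, 5000, b"HTTP/1.0 200 OK\r\n\r\nhello"),
])

if __name__ == "__main__":
    for (src, sport, dst, dport), data in follow_streams(SAMPLE).items():
        print(f"{src}:{sport} --> {dst}:{dport}\n{data.decode('latin-1')}")
```

To use it on a real capture, pass the bytes of a file written by `tcpdump -w` to `follow_streams`.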


