[Suns-at-Home] tcpdump
Behm, Jeffrey L.
BehmJL@bvsg.com
Tue, 2 Oct 2001 09:10:22 -0500
well...not sure about tcpdump, but you can do this with snoop (which you
should have since this is the "suns-at-home" group)

    snoop -o <filename> port 5190

where "-o <filename>" logs the packet trace to <filename>
and "port 5190" logs only packets where the port number is 5190

this logs the output to <filename> and you can go play it back whenever you
want with

    snoop -i <filename> -ta -x0 | grep "YourSearchString" > <YourOutputFilename>

or, skipping the intermediate file (which I like to keep around in case I
want to look at a particular IP address or something - I can replay the
stuff multiple times with different options to snoop and I'll use "| more"
rather than redirecting to an output file)

    snoop port 5190 -ta -x0 | grep "YourSearchString" > <YourOutputFilename>

where -ta shows the absolute time (i.e. wall clock)
and -x0 shows the payload data in a hex dump and an associated ascii
representation (when possible) - kinda reminds me of wading through
assembler dumps, but I digress ;-)

note that "grepping" for a search string may not "catch" all occurrences,
because the payload data may be wrapped across multiple lines of output with
"-x0"

Perhaps tcpdump would be better in this case...anyone?

This isn't exactly an answer to your question, but it is what I like about
Unix...many ways to accomplish the same task.

Jeff

>-----Original Message-----
>From: Gabe Green [mailto:ggreen@offramp.org]
>Sent: Tuesday, October 02, 01 2:21 AM
>To: suns-at-home@net-kitchen.com
>Subject: [Suns-at-Home] tcpdump
>
>
>hello,
>
>as the manpage is quite intimidating and I have a somewhat simple
>purpose...
>
>anyone know how I can use tcpdump to log all aol instant messenger (port
>5190) traffic passing by on the network (perhaps grepping for a particular
>string), and logging the output to a file?
>
>thanks,
>
>Gabe
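
The message above notes that grep can miss a string that "-x0" wraps across dump lines. An added example, not part of the original message, that rebuilds each packet's bytes before searching. The dump layout it parses is an assumption, the sample text is constructed, and the function names are hypothetical:

```python
import re
import sys

# Assumed snoop -x0 layout: one summary line per packet, then dump lines of
# "<decimal offset>: <up to 8 groups of hex digits>   <ASCII column>".
DUMP = re.compile(r"^\s*\d+:\s+((?:(?:[0-9a-fA-F]{2}){1,2}(?: |$)){1,8})")

# Constructed sample (not a real capture): the search string in packet 1 is
# split across two dump lines, so a line-oriented grep never sees it whole.
SAMPLE = """\
  1  09:10:22.10000 hostA -> hostB TCP D=5190 S=1029

     0: 3031 3233 3435 3637 3839 596f 7572 5365    0123456789YourSe
    16: 6172 6368 5374 7269 6e67                   archString

  2  09:10:23.20000 hostB -> hostA TCP D=1029 S=5190

     0: 6e6f 7468 696e 6720 746f 2073 6565 2068    nothing to see h
    16: 6572 65                                    ere
"""

def packets(lines):
    """Yield (summary_line, raw_bytes) for each packet in snoop -x0 text."""
    summary, data = None, bytearray()
    for line in lines:
        m = DUMP.match(line)
        if m:                       # hex dump line: append its bytes
            data += bytes.fromhex(m.group(1))
        elif line.strip():          # non-blank, non-dump line: next packet
            if summary is not None:
                yield summary, bytes(data)
            summary, data = line.strip(), bytearray()
    if summary is not None:
        yield summary, bytes(data)

def search(lines, needle):
    """Return summary lines of packets whose reassembled bytes hold needle."""
    return [s for s, d in packets(lines) if needle in d]

if __name__ == "__main__":
    # With an argument, filter snoop text on stdin; otherwise run the sample.
    if len(sys.argv) > 1:
        hits = search(sys.stdin, sys.argv[1].encode())
    else:
        hits = search(SAMPLE.splitlines(), b"YourSearchString")
    print("\n".join(hits))
```

Given a search string as its argument, the script reads "snoop -i <filename> -ta -x0" output on stdin and prints the summary line of every packet that contains the string.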