[Suns-at-Home] tcpdump
der Mouse
mouse@Rodents.Montreal.QC.CA
Fri, 5 Oct 2001 20:54:21 -0400 (EDT)
> as the manpage is quite intimidating and I have a somewhat simple
> purpose...
> anyone know how I can use tcpdump to log all aol instant messenger
> (port 5190) traffic passing by on the network (perhaps grepping for a
> particular string), and logging the output to a file?
tcpdump -w file-to-log-to port 5190
If you need to specify the interface, add "-i interface-name", either
between "tcpdump" and "-w" or between the filename and "port".
If you want to capture whole packets instead of just the first N bytes
(for whatever tcpdump's default value of N is), add an option such as
"-s 2000" (2000 merely being a number larger than the Ethernet MTU of
1500ish).
Grepping for a specific string is, I think, beyond tcpdump's filtering
capabilities, unless you know at exactly what offset it will occur in
the packet. For that, I'd recommend using -x to get full packet dumps
and then run a program over the result to look for your magic string.
/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               mouse@rodents.montreal.qc.ca
/ \ Email!           7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
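The reply above suggests dumping packets with -x and then running a program over the result to look for the string. The following is an added example of such a program, not part of the original post and not part of tcpdump: it parses the text that "tcpdump -x" prints (a header line per packet followed by indented lines of hex), walks the IPv4 and TCP headers to isolate the payload, and reports which packets carry the string and at what payload offset. Searching the payload bytes rather than the hex lines matters because the string is hex-encoded and can straddle a line break. The sample dump is constructed for this example; it mixes the bare hex format of old tcpdump versions with the "0x0000:" offset-prefixed format newer versions print, and both are accepted.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample of "tcpdump -x" output (not real captured traffic).
# -x prints the packet minus its link-level header, so each packet starts
# with the IPv4 header. Packet 3 has the search string crossing a hex line
# boundary, which a plain grep over the dump would miss.
SAMPLE_DUMP = """\
20:54:21.000001 10.0.0.1.5190 > 10.0.0.2.1234: P 1:17(16) ack 1 win 8760
                         4500 0038 0001 0000 4006 0000 0a00 0001
                         0a00 0002 1446 04d2 0000 0001 0000 0001
                         5018 2238 0000 0000 6865 6c6c 6f20 6d61
                         6769 6320 776f 7264
20:54:21.000002 10.0.0.2.1234 > 10.0.0.1.5190: P 1:13(12) ack 17 win 8760
        0x0000:  4500 0034 0002 0000 4006 0000 0a00 0002
        0x0010:  0a00 0001 04d2 1446 0000 0002 0000 0002
        0x0020:  5018 2238 0000 0000 6e6f 7468 696e 6720
        0x0030:  6865 7265
20:54:21.000003 10.0.0.2.1234 > 10.0.0.1.5190: P 13:25(12) ack 17 win 8760
        0x0000:  4500 0034 0003 0000 4006 0000 0a00 0002
        0x0010:  0a00 0001 04d2 1446 0000 000e 0000 0002
        0x0020:  5018 2238 0000 0000 6162 6364 6566 6d61
        0x0030:  6769 6321
"""

# Optional "0xNNNN:" byte-offset prefix used by newer tcpdump versions.
OFFSET_RE = re.compile(r"^0x[0-9a-fA-F]+:\s*")


def parse_hexdump(text: str) -> List[Tuple[str, bytes]]:
    """Split tcpdump -x text into (header line, raw packet bytes) pairs.

    Header lines start at column 0; hex lines are indented.
    """
    packets: List[Tuple[str, bytes]] = []
    header: Optional[str] = None
    chunks: List[str] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            body = OFFSET_RE.sub("", line.strip(), count=1)
            chunks.append(body.replace(" ", ""))
        else:
            if header is not None:
                packets.append((header, bytes.fromhex("".join(chunks))))
            header, chunks = line.strip(), []
    if header is not None:
        packets.append((header, bytes.fromhex("".join(chunks))))
    return packets


def tcp_payload(pkt: bytes) -> Optional[Tuple[int, int, bytes]]:
    """Return (src port, dst port, payload) for an IPv4/TCP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4           # IPv4 header length in bytes
    if pkt[9] != 6 or len(pkt) < ihl + 20:  # protocol 6 == TCP
        return None
    total_len = int.from_bytes(pkt[2:4], "big")
    tcp = pkt[ihl:]
    sport = int.from_bytes(tcp[0:2], "big")
    dport = int.from_bytes(tcp[2:4], "big")
    data_off = (tcp[12] >> 4) * 4       # TCP header length in bytes
    # Slicing to total_len tolerates captures truncated by -s.
    return sport, dport, pkt[ihl + data_off:total_len]


def find_string(dump: str, needle: str) -> List[Tuple[str, int, int, int]]:
    """Return (header, src port, dst port, payload offset) for each hit."""
    target = needle.encode()
    hits = []
    for header, raw in parse_hexdump(dump):
        decoded = tcp_payload(raw)
        if decoded is None:
            continue
        sport, dport, payload = decoded
        idx = payload.find(target)
        if idx >= 0:
            hits.append((header, sport, dport, idx))
    return hits


if __name__ == "__main__":
    for header, sport, dport, off in find_string(SAMPLE_DUMP, "magic"):
        print(f"{header}\n    {sport} -> {dport}, string at payload offset {off}")
```

Given a real capture, feed the script the output of "tcpdump -x" (with a -s value large enough to include whole packets, as the reply notes) instead of SAMPLE_DUMP. Current tcpdump versions can also replay a -w file with "tcpdump -r file -A" to print payloads as ASCII, which makes a plain grep workable for strings that fit within one packet.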