[ale] TCPDUMP and its alternatives?

Greg Freemyer greg.freemyer at gmail.com
Mon Jun 19 18:28:53 EDT 2006


I don't think it is the same tool you mention, but I always use
ethereal when I need to look at TCP/IP traffic at the frame level.

It has a nice X-gui.  Not too different from the Windows netmon tool.

http://www.ethereal.com/

It's part of the SUSE distro, so I've always just installed from Yast.

Greg

On 6/19/06, Michael B. Trausch <fd0man at gmail.com> wrote:
> At one point, I had to do some debugging of network connections, and I
> went searching for utilities to log connections and data transmission, and
> found something really nice.  However, I cannot seem to find that same
> program again.  As I recall, it was based on the pcap library, and was
> like tcpdump, but the output was more human-friendly -- it would do things
> like:
>
> 192.168.000.100.45133-216.196.097.136.00119: ARTICLE 1341312
> 216.196.097.136.00119-192.168.000.100.45133: "DFS" <nospam at dfs_.com> wrote:
>
> It is rather nice output, at least in my opinion, and I need its services
> again to try to figure out if KMail is borking my IMAP folder at school, or
> if the Exchange server is.  Of course, I think it is the Exchange server,
> since the problems started Saturday morning after their maintenance window.
> Of course, because I use software that isn't Outlook Express, I always have
> to prove that their software is the problem, and not mine.  *shrugs*
>
> I have to do the same thing with ComCast, but the last time I needed
> anything was a while ago.
>
> Does anybody happen to know what tool I am talking about?  I am pretty sure
> it didn't have the word "dump" in its name, but I could be wrong.
>
>         - Mike
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale


-- 
Greg Freemyer
The Norcross Group
Forensics for the 21st Century

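As an added example (not from the original thread, and not the code of tcpdump, ethereal or the unnamed tool Mike describes): a small pure-Python pcap reader that prints every TCP segment carrying data in the "src.port-dst.port: payload" form of the sample output above. It assumes Ethernet-framed IPv4 captures; the capture it parses is constructed in memory, with made-up addresses, ports and NNTP-style payloads, and checksums are neither computed nor verified.

```python
"""Print TCP payloads from a pcap as 'src.port-dst.port: payload' lines.

Constructed example: the pcap parsed here is built in memory, and the
addresses, ports and payloads are invented for the demonstration.
"""
import struct
from typing import Iterable, Iterator, List, Tuple

PCAP_MAGIC_LE = 0xA1B2C3D4   # microsecond pcap written little-endian
PCAP_MAGIC_BE = 0xD4C3B2A1   # same format written big-endian
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

Segment = Tuple[str, int, str, int, bytes]   # src, sport, dst, dport, payload


def iter_tcp_payloads(pcap: bytes) -> Iterator[Segment]:
    """Yield (src, sport, dst, dport, payload) for each TCP segment with data.

    Frames that are not Ethernet/IPv4/TCP, or too short to hold the headers,
    are skipped rather than crashing the reader (a capture is untrusted input).
    """
    magic, = struct.unpack("<I", pcap[:4])
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a pcap file (magic %#x)" % magic)
    linktype, = struct.unpack(end + "I", pcap[20:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig_len = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14 + 20:               # Ethernet header + minimal IPv4 header
            continue
        if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue                           # ARP, IPv6, ... are not our concern here
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len = struct.unpack("!H", ip[2:4])[0]
        if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != IPPROTO_TCP:
            continue
        ip = ip[:total_len]                    # drop Ethernet trailer padding, if any
        src = ".".join(str(b) for b in ip[12:16])
        dst = ".".join(str(b) for b in ip[16:20])
        tcp = ip[ihl:]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        doff = (tcp[12] >> 4) * 4              # TCP data offset honours options
        payload = tcp[doff:]
        if payload:                            # bare ACKs carry nothing worth printing
            yield src, sport, dst, dport, payload


def fmt_endpoint(addr: str, port: int) -> str:
    """Zero-padded 'aaa.bbb.ccc.ddd.ppppp' form, as in the sample output."""
    return ".".join("%03d" % int(o) for o in addr.split(".")) + ".%05d" % port


def printable(data: bytes) -> str:
    """Render a payload as text, escaping non-printable bytes so that binary
    protocol data cannot inject terminal control sequences."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "\\x%02x" % b
                   for b in data.rstrip(b"\r\n"))


def dump(pcap: bytes) -> List[str]:
    """One human-friendly line per data-carrying TCP segment."""
    return ["%s-%s: %s" % (fmt_endpoint(s, sp), fmt_endpoint(d, dp), printable(p))
            for s, sp, d, dp, p in iter_tcp_payloads(pcap)]


def build_pcap(segments: Iterable[Segment]) -> bytes:
    """Build an in-memory pcap from (src, sport, dst, dport, payload) tuples.
    Constructed test data only: IP/TCP checksums are left as zero."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for src, sport, dst, dport, payload in segments:
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64,
                         IPPROTO_TCP, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split("."))) + tcp
        frame = bytes(range(6)) + bytes(range(6, 12)) + struct.pack("!H", ETHERTYPE_IPV4) + ip
        out.append(struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


# Constructed sample capture: an NNTP request, a bare ACK, and the reply.
SAMPLE = build_pcap([
    ("192.168.0.100", 45133, "216.196.97.136", 119, b"ARTICLE 1341312\r\n"),
    ("216.196.97.136", 119, "192.168.0.100", 45133, b""),
    ("216.196.97.136", 119, "192.168.0.100", 45133,
     b"220 1341312 <abc@example.invalid> article retrieved\r\n"),
])

if __name__ == "__main__":
    for line in dump(SAMPLE):
        print(line)
```

To use it on a real file, replace SAMPLE with `open("capture.pcap", "rb").read()` from a tcpdump capture (`tcpdump -s 0 -w capture.pcap port 143` for the IMAP case); the reader only understands the classic pcap format, not pcapng.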