Everything Penguin

Focusing on Linux-based Operating Systems

    About Ethereal
    Brett Lee
    ==============================================================================
    
    
    Monitor Port 80:
    tethereal -V -i eth1 -R "tcp.dstport eq 80"
    
    Monitor DHCPD:
    tethereal -V -i eth1 host <dhcpserver_IP> and port 67
    
    Monitor host 192.168.0.1 for port 80 connections
    tethereal -V -i eth1 -R "ip.dst == 192.168.0.1 && tcp.dstport eq 80"
    
    Monitor two hosts and ignore ARP
    tethereal -w teth.cap -x -V -nn -s 1600 -i eth1 host 192.168.0.1 or 192.168.0.254 and not arp
    
    Do something more:
    tethereal -n -V -i eth3 -R "
            (ip.src == 192.168.3.121 && ip.dst == 192.168.3.1) or \
            (ip.src == 192.168.3.1 && ip.dst == 192.168.1.121) or \
            (ip.src == 192.168.2.111 && ip.dst == 192.168.3.1) or \
            (ip.src == 192.168.3.1 && ip.dst == 192.168.2.111) \
            "
    
    For capturing IPv6 traffic, see the IPv6 directory.
    
    And for more:
    man tethereal | grep <dst|src|port|...>
    
    
    
    
    Here's an example:
    -------------
    tethereal  
      -n  (no DNS, protocol or port name lookup)
      -s 34 (capture only 34 bytes - enough for the IP header)
      -x (dump hex as well)
      -V (print a nice view of the packet)
      -i eth0 (capture on eth0 only)
    
    [root@opteron]# tethereal -n -s 34 -x -V -i eth0
    eth0: Promiscuous mode enabled.
    Capturing on eth0
    Frame 1 (60 on wire, 60 captured)
        Arrival Time: Dec 12, 2006 07:56:14.898065000
        Time delta from previous packet: 0.000000000 seconds
        Time relative to first packet: 0.000000000 seconds
        Frame Number: 1
        Packet Length: 60 bytes
        Capture Length: 60 bytes
    Ethernet II
        Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        Source: 00:09:5b:dc:e1:1c (00:09:5b:dc:e1:1c)
        Type: ARP (0x0806)
        Trailer: 00000000000000000000000000000000...
    Address Resolution Protocol (request)
        Hardware type: Ethernet (0x0001)
        Protocol type: IP (0x0800)
        Hardware size: 6
        Protocol size: 4
        Opcode: request (0x0001)
        Sender MAC address: 00:09:5b:dc:e1:1c (00:09:5b:dc:e1:1c)
        Sender IP address: 192.168.10.1 (192.168.10.1)
        Target MAC address: 00:00:00:00:00:00 (00:00:00:00:00:00)
        Target IP address: 192.168.10.2 (192.168.10.2)
    
    0000  ff ff ff ff ff ff 00 09 5b dc e1 1c 08 06 00 01   ........[.......
    0010  08 00 06 04 00 01 00 09 5b dc e1 1c c0 a8 0a 01   ........[.......
    0020  00 00 00 00 00 00 c0 a8 0a 02 00 00 00 00 00 00   ................
    0030  00 00 00 00 00 00 00 00 00 00 00 00               ............    
    
    Frame 2 (166 on wire, 68 captured)
        Arrival Time: Dec 12, 2006 07:56:16.884843000
        Time delta from previous packet: 1.986778000 seconds
        Time relative to first packet: 1.986778000 seconds
        Frame Number: 2
        Packet Length: 166 bytes
        Capture Length: 68 bytes
    Ethernet II
        Destination: 00:0a:e6:ed:d6:9b (00:0a:e6:ed:d6:9b)
        Source: 00:c0:f0:31:15:3d (00:c0:f0:31:15:3d)
        Type: IP (0x0800)
    Internet Protocol, Src Addr: 192.168.10.2 (192.168.10.2), Dst Addr: 192.168.10.4 (192.168.10.4)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
            0000 00.. = Differentiated Services Codepoint: Default (0x00)
            .... ..0. = ECN-Capable Transport (ECT): 0
            .... ...0 = ECN-CE: 0
        Total Length: 152
        Identification: 0x0000
        Flags: 0x04
            .1.. = Don't fragment: Set
            ..0. = More fragments: Not set
        Fragment offset: 0
        Time to live: 64
        Protocol: UDP (0x11)
        Header checksum: 0xa4fe (correct)
        Source: 192.168.10.2 (192.168.10.2)
        Destination: 192.168.10.4 (192.168.10.4)
    User Datagram Protocol, Src Port: 800 (800), Dst Port: 2049 (2049)
        Source port: 800 (800)
        Destination port: 2049 (2049)
        Length: 132
        Checksum: 0x0703
    Remote Procedure Call
        XID: 0x16de335e (383660894)
        Message Type: Call (0)
        RPC Version: 2
        Program: NFS (100003)
        Program Version: 3
        Procedure: FSSTAT (18)
    [Short Frame: RPC]
    
    0000  00 0a e6 ed d6 9b 00 c0 f0 31 15 3d 08 00 45 00   .........1.=..E.
    0010  00 98 00 00 40 00 40 11 a4 fe c0 a8 0a 02 c0 a8   ....@.@.........
    0020  0a 04 03 20 08 01 00 84 07 03 16 de 33 5e 00 00   ... ........3^..
    0030  00 00 00 00 00 02 00 01 86 a3 00 00 00 03 00 00   ................
    0040  00 12 00 00                                       ....            
    
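    The two hex dumps above contain everything the -V view prints. As an added example (not from the original notes, and not part of tethereal), the following Python decodes those same bytes by hand, verifies the IPv4 header checksum the way the dissector does when it reports "(correct)", and shows why -s 34 is enough to keep the full Ethernet (14 bytes) and IPv4 (20 bytes) headers while losing UDP and RPC. The frame bytes are transcribed from the dumps on this page; the field layouts are the standard ARP, IPv4, UDP and ONC RPC call headers, and the choice to parse RPC only on ports 111 and 2049 is an assumption of this example.

```python
"""Decode the two captured frames shown above (Ethernet/ARP and Ethernet/IPv4/UDP/RPC).

Added example, not from the original notes: bytes are transcribed from the tethereal
hex dumps on this page; header layouts follow ARP (RFC 826), IPv4 (RFC 791),
UDP (RFC 768) and ONC RPC (RFC 5531).
"""
import struct

# Frame 1 from the dump above: ARP request, 60 bytes on the wire (zero padded).
FRAME1 = bytes.fromhex(
    "ff ff ff ff ff ff 00 09 5b dc e1 1c 08 06 00 01 "
    "08 00 06 04 00 01 00 09 5b dc e1 1c c0 a8 0a 01 "
    "00 00 00 00 00 00 c0 a8 0a 02 00 00 00 00 00 00 "
    "00 00 00 00 00 00 00 00 00 00 00 00"
)

# Frame 2 from the dump above: NFS RPC call, 166 bytes on the wire, only 68 captured.
FRAME2 = bytes.fromhex(
    "00 0a e6 ed d6 9b 00 c0 f0 31 15 3d 08 00 45 00 "
    "00 98 00 00 40 00 40 11 a4 fe c0 a8 0a 02 c0 a8 "
    "0a 04 03 20 08 01 00 84 07 03 16 de 33 5e 00 00 "
    "00 00 00 00 00 02 00 01 86 a3 00 00 00 03 00 00 "
    "00 12 00 00"
)


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip4(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the whole header (checksum field included).
    Returns 0 when the stored checksum verifies, i.e. what -V reports as "(correct)"."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_frame(frame: bytes) -> dict:
    """Return the layers present in `frame`; a layer the snap length cut off is
    simply absent, which is what [Short Frame] means in the output above."""
    out = {}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out["eth"] = {"dst": mac(dst), "src": mac(src), "type": ethertype}
    body = frame[14:]

    if ethertype == 0x0806 and len(body) >= 28:          # ARP
        htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", body[:8])
        smac, sip, tmac, tip = struct.unpack("!6s4s6s4s", body[8:28])
        out["arp"] = {"hw_type": htype, "proto_type": ptype, "opcode": op,
                      "sender_mac": mac(smac), "sender_ip": ip4(sip),
                      "target_mac": mac(tmac), "target_ip": ip4(tip)}
        return out

    if ethertype == 0x0800 and len(body) >= 20:          # IPv4
        (vihl, tos, tlen, ident, fl_off, ttl, proto,
         csum, s, d) = struct.unpack("!BBHHHBBH4s4s", body[:20])
        ihl = (vihl & 0x0F) * 4
        header = body[:ihl]
        out["ip"] = {
            "version": vihl >> 4, "header_len": ihl, "total_length": tlen, "id": ident,
            "dont_fragment": bool(fl_off & 0x4000), "more_fragments": bool(fl_off & 0x2000),
            "frag_offset": fl_off & 0x1FFF, "ttl": ttl, "proto": proto, "checksum": csum,
            "checksum_ok": len(header) == ihl and ipv4_checksum(header) == 0,
            "src": ip4(s), "dst": ip4(d),
            "truncated": len(body) < tlen,               # capture shorter than Total Length
        }
        payload = body[ihl:]
        if proto == 17 and len(payload) >= 8:            # UDP
            sport, dport, ulen, ucsum = struct.unpack("!HHHH", payload[:8])
            out["udp"] = {"src_port": sport, "dst_port": dport, "length": ulen, "checksum": ucsum}
            rpc = payload[8:]
            # Assumption of this example: treat portmapper (111) and NFS (2049) traffic as ONC RPC.
            # Call header: xid, msg type (0 = call), rpc version, program, version, procedure.
            if (sport in (111, 2049) or dport in (111, 2049)) and len(rpc) >= 24:
                xid, mtype, rpcver, prog, progver, procnum = struct.unpack("!6I", rpc[:24])
                out["rpc"] = {"xid": xid, "msg_type": mtype, "rpc_version": rpcver,
                              "program": prog, "version": progver, "procedure": procnum}
    return out


if __name__ == "__main__":
    for name, frame in (("Frame 1", FRAME1), ("Frame 2", FRAME2)):
        print(name, decode_frame(frame))
    # With -s 34 only Ethernet + IPv4 survive: the IP header still decodes, UDP does not.
    print("Frame 2 at snaplen 34:", decode_frame(FRAME2[:34]))
```

    Running it reproduces the values in the -V view: the ARP request from 192.168.10.1 for 192.168.10.2, and for frame 2 a Total Length of 152, DF set, TTL 64, protocol 17, a checksum of 0xa4fe that folds to zero, UDP 800 to 2049, and an RPC call to program 100003 version 3 procedure 18. Slicing the second frame to 34 bytes leaves the IP layer intact and drops everything after it, which is the trade-off -s 34 makes.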
    
    

    This site contains many of my notes from research into different aspects of the Linux kernel as well as some of the software provided by GNU and others. Though these notes are not fully comprehensive or even completely accurate, they are part of my on-going attempt to better understand this complex field. And, they are yours to use.

    Should you wish to report any errors or suggestions, please let me know.

    Should you wish to make a donation for anything you may have learned here, please direct that donation to the ASPCA, with my sincere thanks.

    Brett Lee
    Everything Penguin

    The code for this site, which is just a few CGI scripts, may be found on GitHub (https://github.com/userbrett/cgindex).

    For both data encryption and password protection, try Personal Data Security (https://www.trustpds.com).


    "We left all that stuff out. If there's an error, we have this routine called 'panic', and when it's called, the machine crashes, and you holler down the hall, 'Hey, reboot it.'"

        - Dennis Ritchie on Unix (vs Multics)