Ethereal-users: Re: [ethereal-users] How to view packets real-time

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Keith Morse <kgmorse@xxxxxxxx>
Date: Sun, 18 Oct 1998 21:35:48 -0700 (PDT)
On Mon, 19 Oct 1998, charlie buckheit wrote:

> >Every packet sniffer operates in the same manner.  Capture packets to
> >buffer/disk, then view the contents afterward.  Ethereal seems not to
> >deviate from this modus operandi.
> 
> Hummm...I actually started to write a version using libpcap and pcapture (a
> program from the same place as libpcap) that would display the packets
> realtime. Snoop on the SGI does it this way, as can tcpdump. The only bad
> part (or good part depending on where you stand) with snoop is that it
> doesn't show the data part of the packets. Neither does tcpdump, though
> older versions supposedly did. For some applications I really need to see
> the data.
> 


It is a sad thing to know I speak like I write also.  I meant every packet
sniffer I've seen: Etherpeek, Network General (Network Associates),
NetXray.  Frankly, wanting to watch what was in the packet would be a
daunting task, I'd think.  After watching a compile made against some high
speed servers, about 20mb in 10 seconds, I don't see how a person could
keep up.  Just running tcpdump can be challenging at times.