Ethereal-users: Re: [ethereal-users] How to view packets real-time

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: guy@xxxxxxxxxx (Guy Harris)
Date: Mon, 19 Oct 1998 13:17:29 -0700 (PDT)
> Hummm...I actually started to write a version using libpcap and pcapture (a
> program from the same place as libpcap) that would display the packets
> realtime. Snoop on the SGI does it this way, as can tcpdump. The only bad
> part (or good part depending on where you stand) with snoop is that it
> doesn't show the data part of the packets.

"snoop" on Irix is, I think, based on "snoop" on Solaris 2.x; I think
source to "snoop" is licensed as part of ONC+.  ("snoop" was written by
a guy in the NFS group - which, allegedly, might explain why it does NIS
but not DNS....)

If so, then "snoop -v" should, even when doing a "live" packet display,
show the detailed decoding of the packet, and "snoop -x 0" should show
the raw data.  (It does so on Solaris 2.5.1.)

> Neither does tcpdump,

"tcpdump" supports a "-x" flag, similar to "snoop"'s (although it doesn't
take an argument, the way "snoop"'s does).  "tcpdump -x", when doing a
"live" packet display, shows the packet data.