Ethereal-users: [Ethereal-users] Using the snoop command to capture traffic between two devices.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Higgins, Read" <Read.Higgins@xxxxxxxxxx>
Date: Thu, 14 Aug 2003 08:17:02 -0400
I am trying to snoop traffic between two servers, and I am getting nowhere.
I tried to run a simple test by snooping the traffic between my desktop and
an edge switch via a solaris box, and nothing happened.  The command I used
for this was 'snoop -v 216.118.178.15 192.168.192.50'.  Now when I run the
'snoop' command, or if I snoop to a particular address from the interface,
it works fine.  Do I have to set up an RMON probe in order to see the
traffic between two devices?  

Read Higgins, CCNP
Sr. Systems Engineer
Blue Cross/Blue Shield
401 Park Dr.
Boston, Ma. 02115
(W)617-246-3506
(C)617-590-7291


-----Original Message-----
From: ethereal-users-request@xxxxxxxxxxxx
[mailto:ethereal-users-request@xxxxxxxxxxxx] 
Sent: Thursday, August 14, 2003 6:05 AM
To: ethereal-users@xxxxxxxxxxxx
Subject: Ethereal-users Digest, Vol 4, Issue 19

Today's Topics:

   1. Re: Saving a portion of a capture (Marco Rommelse)
   2. RE: Saving a portion of a capture (Bliss, Milton)
   3. Urgent query about ethereal 0.9.14 (Asawari Dinesh Teredesai)
   4. Urgent query about ethereal 0.9.14 (Asawari Dinesh Teredesai)
   5. Re: Urgent query about ethereal 0.9.14 (Brad Hards)
   6. Can't seem to save the packets as a TXTfile only	libpcap
      format (BennyC@xxxxxxxxxxx)
   7. window size issue (Draznin Sagiv)
   8. test (Draznin Sagiv)
   9. I cannot compile ethereal ethereal-0.9.14 on Win32
      (Pierre Pacchioni)


----------------------------------------------------------------------

Message: 1
Date: Wed, 13 Aug 2003 19:24:03 +0200
From: "Marco Rommelse" <m.rommelse@xxxxxxxxx>
Subject: Re: [Ethereal-users] Saving a portion of a capture
To: "Bliss, Milton" <Milton.Bliss@xxxxxxxxxxxxxxxxxxxxx>,
	<ethereal-users@xxxxxxxxxxxx>
Message-ID: <001a01c361bf$b13cde70$6402a8c0@mrobeast>
Content-Type: text/plain;	charset="iso-8859-1"

Milton,

Use:
frame.number < 20 and frame.number > 10

as your filter and you should be on your way.

You can do something similar to this with frame.time > .... and frame.time
< .... Where time is arrival time. For more filtering possibilities just
click on the filter button in the lower left corner of the window. Then
click 'add expression'. From the list that now appears, you can choose
whatever you want to filter on, including the frame filter I've just
described.

Succes,
Marco.


----- Original Message ----- 
From: "Bliss, Milton" <Milton.Bliss@xxxxxxxxxxxxxxxxxxxxx>
To: <ethereal-users@xxxxxxxxxxxx>
Sent: Wednesday, August 13, 2003 6:51 AM
Subject: [Ethereal-users] Saving a portion of a capture


I want to save only the first 2000 packets of a capture, thereby my save
file will be small.

I thought I should create a display filter and save only the displayed
packets. The problem is, I cannot find the filter field corresponding to
a packet number. Then I thought I could filter on the time field but
when I select protocol time in the display filter, add expression
dialog, then select <, the error message tells me the field cannot be
tested with "<".

Which leaves me with what I'm sure is a simple, dumb question:

How do I save only the first 2000 lines of a captured set of packets?

I have read about 4 hours today but have not found the answer.

Milton Bliss

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users



------------------------------

Message: 2
Date: Wed, 13 Aug 2003 12:08:06 -0700
From: "Bliss, Milton" <Milton.Bliss@xxxxxxxxxxxxxxxxxxxxx>
Subject: RE: [Ethereal-users] Saving a portion of a capture
To: "Gerald Combs" <gerald@xxxxxxxxxxxx>, <m.rommelse@xxxxxxxxx>
Cc: ethereal-users@xxxxxxxxxxxx
Message-ID:
	<FA47D7C5B4482340B171665E1E2722175A14D0@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain;	charset="US-ASCII"

Thank you so much.

I was looking for expression time and number, I should have been looking
for expression frame.time and frame.number. I tried your instructions and
have enjoyed 100% success. Thank you again.

> -----Original Message-----
> From: Gerald Combs [mailto:gerald@xxxxxxxxxxxx] 
> Sent: Wednesday, August 13, 2003 9:29 AM
> To: Bliss, Milton
> Cc: ethereal-users@xxxxxxxxxxxx
> Subject: Re: [Ethereal-users] Saving a portion of a capture
> 
> 
> On Tue, 12 Aug 2003, Bliss, Milton wrote:
> 
> > How do I save only the first 2000 lines of a captured set of packets?
> 
> Try "frame.number <= 2000".  
> 
> 


------------------------------

Message: 3
Date: Thu, 14 Aug 2003 11:14:29 +0530
From: "Asawari Dinesh Teredesai" <asawari.teredesai@xxxxxxxxx>
Subject: [Ethereal-users] Urgent query about ethereal 0.9.14
To: <ethereal-users@xxxxxxxxxxxx>
Message-ID:
	<94F20261551DC141B6B559DC4910867287451E@xxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain;	charset="iso-8859-1"


Hi,

	I wish to install  ethereal 0.9.14 for OS linux. I tried downloading
.tar.gz and .tar.bz2 files. But both are having source files.
	Kindly let me know at the earliest from where I can download
binaries for 0.9.14 

	Kindly give exact filename and URL.

Thanks and Regards

Asawari Teredesai


------------------------------

Message: 4
Date: Thu, 14 Aug 2003 11:17:29 +0530
From: "Asawari Dinesh Teredesai" <asawari.teredesai@xxxxxxxxx>
Subject: [Ethereal-users] Urgent query about ethereal 0.9.14
To: <ethereal-users@xxxxxxxxxxxx>
Message-ID:
	<94F20261551DC141B6B559DC49108672874522@xxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain;	charset="iso-8859-1"



Hi,

	I wish to install  ethereal 0.9.14 for OS linux. I tried downloading
.tar.gz and .tar.bz2 files. But both are having source files.
	Kindly let me know at the earliest from where I can download
binaries for 0.9.14 

	Kindly give exact filename and URL.

Thanks and Regards

Asawari Teredesai


------------------------------

Message: 5
Date: Thu, 14 Aug 2003 16:50:06 +1000
From: Brad Hards <bhards@xxxxxxxxxxxxxx>
Subject: Re: [Ethereal-users] Urgent query about ethereal 0.9.14
To: Asawari Dinesh Teredesai <asawari.teredesai@xxxxxxxxx>,
	ethereal-users@xxxxxxxxxxxx
Message-ID: <200308141650.06930.bhards@xxxxxxxxxxxxxx>
Content-Type: Text/Plain;  charset="iso-8859-1"

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 14 Aug 2003 15:47 pm, Asawari Dinesh Teredesai wrote:
> 	I wish to install  ethereal 0.9.14 for OS linux. I tried downloading
> .tar.gz and .tar.bz2 files. But both are having source files. Kindly let me
> know at the earliest from where I can download binaries for 0.9.14
You failed to tell us which platform (architecture) and distribution of Linux,
and that matters. However, if you go to http://www.ethereal.com, and look on
the left hand side, you'll see "Download" and underneath that line "Binary
Packages", which will take you to:

> 	Kindly give exact filename and URL.
http://www.ethereal.com./download.html#binaries where you can pick whichever
one you need.

You probably also have binaries on your distribution disks, although they may
not be quite as up to date.

Brad
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/OzEeW6pHgIdAuOMRAix2AJwKVCVKce7X9VU6HC/TgdeV3j/gQQCgvlWA
2f3GUfJtuZzMHab1ek9S2PU=
=1gJw
-----END PGP SIGNATURE-----


------------------------------

Message: 6
Date: Thu, 14 Aug 2003 10:21:00 +0300
From: BennyC@xxxxxxxxxxx
Subject: [Ethereal-users] Can't seem to save the packets as a TXTfile
	only	libpcap format
To: ethereal-users@xxxxxxxxxxxx
Message-ID: <OF908CEAB8.E82D1E29-ONC2256D82.002715CF@xxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii

Hi my name is Benny,
I'm new to Ethereal,
I'm trying to use Tethereal for automatic testing
I'll be happy to get some ideas on how to go about it

One idea I thought about is to send my Unit under test a ping "frame"
and let Tethereal catch the incoming packets. The problem I'm facing is
that it won't let me save the
output as plain text; it uses some other file formats such as libpcap which
I'm not familiar with.

Appreciate your help
Best Regards
Benny.c.





------------------------------

Message: 7
Date: Thu, 14 Aug 2003 10:15:11 +0200
From: Draznin Sagiv <sagivd@xxxxxxxxxxxxxxx>
Subject: [Ethereal-users] window size issue
To: "'ethereal-users@xxxxxxxxxxxx'" <ethereal-users@xxxxxxxxxxxx>
Message-ID: <0C30C9BC1B3FD7119438000BCD0EABCD12333A@POSTMTG>
Content-Type: text/plain; charset="us-ascii"

Skipped content of type multipart/alternative

------------------------------

Message: 8
Date: Thu, 14 Aug 2003 10:20:13 +0200
From: Draznin Sagiv <sagivd@xxxxxxxxxxxxxxx>
Subject: [Ethereal-users] test
To: "'ethereal-users@xxxxxxxxxxxx'" <ethereal-users@xxxxxxxxxxxx>
Message-ID: <0C30C9BC1B3FD7119438000BCD0EABCD12333C@POSTMTG>
Content-Type: text/plain; charset="us-ascii"

Skipped content of type multipart/alternative

------------------------------

Message: 9
Date: Thu, 14 Aug 2003 12:00:19 +0200
From: "Pierre Pacchioni" <pierre.pacchioni@xxxxxxxxxx>
Subject: [Ethereal-users] I cannot compile ethereal ethereal-0.9.14 on
	Win32
To: <ethereal-users@xxxxxxxxxxxx>
Message-ID: <GOEDLNIFKELBABFHCFPJMEHFDNAA.pierre.pacchioni@xxxxxxxxxx>
Content-Type: text/plain;	charset="iso-8859-1"

Hello,

I got a ton of errors when I tried to compile Ethereal on Win32 (Windows2000).
I followed all the steps indicated in the README.win32 (including running
the cleanbld.bat script), installed all the packages, modified the
config.nmake file.
So before I spend too much time on that, can someone tell me what I'm
doing wrong?
Thanks,
Cheers,
Pierre.


Microsoft (R) Program Maintenance Utility   Version 6.00.8168.0
Copyright (C) Microsoft Corp 1988-1998. All rights reserved.

        cl -DWIN32  -D_WIN32 -D_MT -D_DLL -MD -DHAVE_CONFIG_H /IC:\cygwin\usr\include /IC:\progra~1\glib\include\glib-2.0 /IC:\progra~1\glib\include\glib-2.0\gmodule /IC:\progra~1\zlib-114 /IC:\progra~1\WPdpack/include  -D_U_="" -Zi -Fd.\ -c ascend-grammar.c ascend-scanner.c ascend.c atm.c buffer.c cosine.c csids.c dbs-etherwatch.c etherpeek.c file.c file_wrappers.c i4btrace.c iptrace.c lanalyzer.c libpcap.c netmon.c nettl.c netxray.c ngsniffer.c radcom.c pppdump.c snoop.c toshiba.c visual.c vms.c wtap.c
Microsoft (R) 32-bit C/C++ Optimizing Compiler Version 12.00.8168 for 80x86
Copyright (C) Microsoft Corp 1984-1998. All rights reserved.

ascend-grammar.c
C:\cygwin\usr\include\sys/_types.h(13) : error C2632: 'long' followed by 'long' is illegal
C:\cygwin\usr\include\sys/_types.h(13) : error C2054: expected '(' to follow '__extension__'
C:\cygwin\usr\include\sys/_types.h(13) : error C2085: '_off64_t' : not in formal parameter list
C:\cygwin\usr\include\sys/_types.h(16) : error C2085: '_ssize_t' : not in formal parameter list
C:\cygwin\usr\include\sys/_types.h(30) : error C2061: syntax error : identifier 'wint_t'
C:\cygwin\usr\include\sys/_types.h(32) : error C2059: syntax error : '}'
C:\cygwin\usr\include\sys/_types.h(33) : error C2059: syntax error : '}'
C:\cygwin\usr\include\sys/reent.h(568) : error C2061: syntax error : identifier '__extension__'
C:\cygwin\usr\include\sys/reent.h(568) : error C2632: 'long' followed by 'long' is illegal
C:\cygwin\usr\include\sys/reent.h(570) : error C2061: syntax error : identifier '_mblen_state'
C:\cygwin\usr\include\sys/reent.h(570) : error C2059: syntax error : ';'
C:\cygwin\usr\include\sys/reent.h(571) : error C2061: syntax error : identifier '_mbtowc_state'
C:\cygwin\usr\include\sys/reent.h(571) : error C2059: syntax error : ';'
C:\cygwin\usr\include\sys/reent.h(572) : error C2061: syntax error : identifier '_wctomb_state'


------------------------------


End of Ethereal-users Digest, Vol 4, Issue 19
*********************************************
