[sclug] Monitoring a P2P appliacation
Leon Ward
leon.ward at added-dimension.co.uk
Sat Oct 25 09:05:44 UTC 2003
The language used by ethereal, is quite simple when you get the hang of it.
eg...
(ip.src == 192.168.11.99 and tcp.port == 5900) and tcp.flags.ack
Gives me a nice bunch of VNC packets
(may wrap)
11 3.789846 WTBDC0 Goldfinger TCP 5900 > 1632
[PSH, ACK] Seq=6595480 Ack=3964997106 Win=8358 Len=4
12 3.790574 WTBDC0 Goldfinger TCP 5900 >
1632 [PSH, ACK] Seq=6595484 Ack=3964997106 Win=8358 Len=18
13 3.791858 WTBDC0 Goldfinger TCP 5900 >
1632 [PSH, ACK] Seq=6595502 Ack=3964997106 Win=8358 Len=222
The ethereal web site has loads of info on this, and I know I have mentioned
it earlier but the GUI tool is much easier to get the hang of as it comes
with a filter expression builder.
-Nard
> -----Original Message-----
> From: Patrick Kirk [mailto:patrick at kirks.net]
> Sent: 18 June 2003 14:00
> To: lug at assursys.co.uk
> Cc: Sclug
> Subject: Re: [sclug] Monitoring a P2P appliacation
>
>
>
> >
> > # tethereal -a filesize:50000 -f "host 192.168.0.5 and port
> 6346" -w phasar.log
> >
>
> Is there a way to exclude specific hosts and and types of
> traffic? Most
> of my log consists of SMB, domain requests along with
> continuations of
> file downloads.
>
> --
>
> Best regards,
>
>
> Patrick Kirk
> Mobile: 07876 560 646
>
>
> _______________________________________________
> sclug mailing list
> sclug at sclug.org.uk
> http://www.sclug.org.uk/mailman/listinfo/sclug
>
> This E-mail and its attachments have been scanned for viruses
> before delivery.
> For more information contact postmaster at added-dimension.co.uk.
>
This E-mail and its attachments have been scanned for viruses before delivery.
We recommend that all attachments are also checked by recipients before being viewed.
For more information contact postmaster at added-dimension.co.uk.
More information about the Sclug
mailing list