[Wolves] Packet capture and port filtering
James Turner
james at turnersoft.co.uk
Wed May 12 20:33:55 BST 2004
On Wednesday 12 May 2004 14:35, Andrew Roberts wrote:
> tcpdump -w dumpfile will dump the packets into a file for later
> analysis. It is then possible to use tcpdump -r to read the file
> back in and filter/extract data from the packets.
You can also load tcpdump files into Ethereal for later analysis.
> It is worth noting that if your network is connected using switches
> rather than hubs, you won't be able to sniff all of the network
> traffic. Only traffic that is routed via/destined for or originating
> from the local machine will be dumped.
However, if you have a managed switch that supports it, you can configure port
mirroring in order to monitor other machines.
James
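
What reading a dump file back and filtering on a port involves, as an added example that is not part of the original message: it builds a small constructed capture in memory and pulls out the TCP packets to or from one port, roughly what `tcpdump -r dumpfile tcp port 80` does. It assumes the classic little-endian pcap layout with Ethernet link type; the function names and sample addresses are made up for illustration.

```python
import struct

GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, captured length, original length

def build_frame(src_ip, dst_ip, sport, dport):
    """Constructed Ethernet/IPv4/TCP SYN frame (checksums left as zero)."""
    eth = bytes(6) + bytes(6) + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(src_ip), bytes(dst_ip))
    return eth + ip + tcp

def write_pcap(frames):
    """Serialise frames the way a classic pcap dump file is laid out."""
    out = GLOBAL_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += RECORD_HDR.pack(i, 0, len(frame), len(frame)) + frame
    return out

def filter_port(pcap_bytes, port):
    """Return (src, sport, dst, dport) for TCP packets using the given port."""
    if len(pcap_bytes) < GLOBAL_HDR.size:
        raise ValueError("too short to be a pcap file")
    hdr = GLOBAL_HDR.unpack_from(pcap_bytes)
    if hdr[0] != 0xA1B2C3D4 or hdr[6] != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet frames")
    off, hits = GLOBAL_HDR.size, []
    while off + RECORD_HDR.size <= len(pcap_bytes):
        _, _, incl_len, _ = RECORD_HDR.unpack_from(pcap_bytes, off)
        off += RECORD_HDR.size
        pkt = pcap_bytes[off:off + incl_len]
        off += incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # skip anything that is not IPv4 carrying TCP
        ihl = (pkt[14] & 0x0F) * 4  # IPv4 header length in bytes
        if len(pkt) < 14 + ihl + 4:
            continue  # truncated before the TCP ports
        sport, dport = struct.unpack_from("!HH", pkt, 14 + ihl)
        if port in (sport, dport):
            hits.append((".".join(map(str, pkt[26:30])), sport,
                         ".".join(map(str, pkt[30:34])), dport))
    return hits

# Constructed sample capture: an HTTP request, an SSH connection, an HTTP reply.
SAMPLE = write_pcap([build_frame((192, 0, 2, 10), (192, 0, 2, 20), 40000, 80),
                     build_frame((192, 0, 2, 10), (192, 0, 2, 20), 40001, 22),
                     build_frame((192, 0, 2, 20), (192, 0, 2, 10), 80, 40000)])
```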