Introduction

Tethereal (http://www.ethereal.com/docs/man-pages/tethereal.1.html) is a network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. Tethereal's native capture file format is libpcap format, which is also the format used by tcpdump and various other tools.

Without any options set, Tethereal works much like tcpdump. It uses the pcap library to capture traffic from the first available network interface and displays a summary line on stdout for each received packet.

Tethereal is able to detect, read and write the same capture files that are supported by Ethereal. The input file doesn't need a specific filename extension; the file format and an optional gzip compression are detected automatically. The capture file format section of ethereal(1) or http://www.ethereal.com/docs/man-pages/ethereal.1.html provides a detailed description.
Examples

Trace all packets on port 5060 and dump to stdout.
Trace all packets on port 1040 or port 540 on eth1 and dump to stdout.
Trace all packets on port 5060 and dump details to stdout.
Trace all packets on port 5060 for 30s and save to a file called t.pcap in PCAP format.
Trace all packets between <host A> and <host B> for 30s and save to a file called t.pcap in PCAP format.
Trace on port 5060 in a ring buffer; this keeps a maximum of 20 files, swapping to a new file at 5 minutes or 50 MB.
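
An added example, not from the original page: a shell helper that builds the libpcap capture filters and Tethereal command lines for the port, host-pair and timed-capture cases above, validating ports and hosts before they reach the filter. The function names are hypothetical and the addresses are constructed; the options used (-i, -f, -a duration:, -w, -V) are those of the tethereal man page, and the ring-buffer case is left out because the -b syntax differs between releases.

```shell
#!/bin/sh
# Added example; port_filter, host_filter and capture_cmd are hypothetical names.

# port_filter PORT... -> "port A or port B ..." (libpcap filter syntax)
port_filter() {
    filter=""
    for p in "$@"; do
        # Only 1-5 decimal digits may reach the filter expression.
        case "$p" in ''|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;; esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
        filter="${filter:+$filter or }port $p"
    done
    [ -n "$filter" ] || return 1
    printf '%s\n' "$filter"
}

# host_filter A B -> "host A and host B" (traffic between the two hosts)
host_filter() {
    for h in "$1" "$2"; do
        # Hostname / IPv4 / IPv6 characters only.
        case "$h" in ''|*[!A-Za-z0-9.:-]*) echo "bad host: $h" >&2; return 1 ;; esac
    done
    printf 'host %s and host %s\n' "$1" "$2"
}

# capture_cmd IFACE SECONDS OUTFILE FILTER [EXTRA]
# Empty IFACE/SECONDS/OUTFILE are omitted: first interface, no time limit, stdout.
capture_cmd() {
    iface=$1 secs=$2 out=$3 filter=$4 extra=${5:-}
    case "$secs" in *[!0-9]*) echo "bad duration: $secs" >&2; return 1 ;; esac
    cmd="tethereal${iface:+ -i $iface}${secs:+ -a duration:$secs}${out:+ -w $out}"
    printf '%s -f "%s"%s\n' "$cmd" "$filter" "${extra:+ $extra}"
}

# Print (do not run) the command lines for the cases listed above.
capture_cmd ""   "" ""     "$(port_filter 5060)"
capture_cmd eth1 "" ""     "$(port_filter 1040 540)"
capture_cmd ""   "" ""     "$(port_filter 5060)" -V   # -V: full protocol tree
capture_cmd ""   30 t.pcap "$(port_filter 5060)"
capture_cmd ""   30 t.pcap "$(host_filter 192.0.2.10 192.0.2.20)"
```

The script only prints the command lines; capturing on a live interface normally requires root or equivalent capture privileges.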