Subject: Re: [gentoo-user] Sniffing / analysis of application / wifi packets on my LAN
From: William Kenworthy
To: gentoo-user@lists.gentoo.org
Organization: Home in Perth!
Date: Thu, 07 Oct 2010 20:05:51 +0800
Message-ID: <1286453151.25943.70.camel@rattus>

Wireshark - always use the latest ~x86. Can capture and save with a lot of options.

To just do a quick capture, try:

"tcpdump -i eth- -w file.pcap" writes a pcap format file (can be read by wireshark etc.)
"tcpdump -r file.pcap" to see what's in it
"tcpdump -A -r file.pcap" to extract text like html

If you already have wireshark, "tshark" can do a similar operation to tcpdump.

BillK

On Thu, 2010-10-07 at 10:37 +0100, Stroller wrote:
> Hi there,
>
> I'm interested in the activity of an application which is running on my LAN, and was wondering if anyone could offer some quick pointers on the best tools for this these days. I've played with this some years ago, but only very superficially - I think I used wireshark back then.
>
> Ideally what I want to do is capture a big dump of the traffic over a couple of minutes (so it shouldn't be that much, right?) into a file and then analyse it afterwards based on destination IP, content &c. A couple of minutes should allow completion of at least 2 or 3 separate interactions with the server.
>
> The network is mine, as is the device from which I'm capturing the data. I have a Belkin F5D7010 wifi card, which I think is based on a RaLink rt2x00 (rt2400 / rt2500) chipset, and I have my network's WPA key, so I think I can just set the wifi card in passive mode for sniffing. I'm pretty sure I experimented with this card in passive mode before, some years ago. Alternatively, I think I can plug the wifi access-point into my PC, bridge it to a second wired NIC and sniff what's going across the bridge (but I don't think this should be necessary).
>
> What I'm expecting to see is some image, audio & html files &/or xml data transferred, and ideally I'd like to be able to extract it all and view it in its original format.
>
> There's likely to be some inevitable other activity on the wLAN whilst this is happening - I'll try to minimise this, but I think the tools should be able to filter out any crap I'm not interested in, right?
>
> I'd prefer as much as possible to use CLI tools for capturing / analysing the data.
>
> Thanks in advance for any quick pointers you can offer,
>
> Stroller.
>

-- 
William Kenworthy
Home in Perth!
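As an added example, not part of this thread: a minimal Python reader for the libpcap format that `tcpdump -w file.pcap` produces, summing payload bytes per destination IP and port so a saved capture can be broken down by destination offline, as the original question asks. The sample capture, the 192.168.44.x addresses and the 203.0.113.10 server address are constructed for the demonstration.

```python
import struct

ETH_IPV4 = 0x0800  # EtherType for IPv4

def parse_pcap(data: bytes):
    """Yield raw link-layer frames from an in-memory libpcap file (as written by tcpdump -w)."""
    hdr = struct.unpack_from("<IHHiIII", data, 0)         # 24-byte global header
    if (hdr[0], hdr[6]) != (0xA1B2C3D4, 1):                # magic, LINKTYPE_ETHERNET
        raise ValueError("expected a little-endian Ethernet libpcap file")
    off = 24
    while off + 16 <= len(data):                           # 16-byte per-packet record header
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def tally_by_destination(data: bytes) -> dict:
    """Map (dst_ip, dst_port, ip_proto) -> payload bytes for IPv4 TCP/UDP frames."""
    totals = {}
    for frame in parse_pcap(data):
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETH_IPV4:
            continue                                       # ARP, IPv6, runt frames: skip
        ihl, total_len = (frame[14] & 0x0F) * 4, struct.unpack_from("!H", frame, 16)[0]
        proto, l4 = frame[23], 14 + ihl
        dst_ip = ".".join(str(b) for b in frame[30:34])
        if proto == 6 and len(frame) >= l4 + 20:           # TCP: header length from data offset
            hdr_len = (frame[l4 + 12] >> 4) * 4
        elif proto == 17 and len(frame) >= l4 + 8:         # UDP: fixed 8-byte header
            hdr_len = 8
        else:
            continue
        key = (dst_ip, struct.unpack_from("!H", frame, l4 + 2)[0], proto)
        totals[key] = totals.get(key, 0) + max(total_len - ihl - hdr_len, 0)
    return totals

def _frame(dst_ip: str, dst_port: int, proto: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/{TCP,UDP} frame used only to build the sample capture."""
    l4_len = 20 if proto == 6 else 8
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + l4_len + len(payload), 0, 0, 64,
                     proto, 0, bytes([192, 168, 44, 2]), bytes(map(int, dst_ip.split("."))))
    l4 = (struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 0x50, 0x18, 0, 0, 0) if proto == 6
          else struct.pack("!HHHH", 40000, dst_port, 8 + len(payload), 0))
    return b"\x00" * 12 + struct.pack("!H", ETH_IPV4) + ip + l4 + payload

# Constructed sample capture (203.0.113.10 is a TEST-NET-3 documentation address): two HTTP requests to one host and one DNS query.
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in (
        _frame("203.0.113.10", 80, 6, b"GET /index.html HTTP/1.1\r\n"),
        _frame("203.0.113.10", 80, 6, b"GET /logo.png HTTP/1.1\r\n"),
        _frame("192.168.44.1", 53, 17, b"\x00" * 30)))
```

To run it against a real capture, replace `SAMPLE_PCAP` with `open("file.pcap", "rb").read()`; captures with other link types (e.g. 802.11 monitor-mode radiotap) are rejected rather than misparsed.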