From: Stroller
Subject: [gentoo-user] Sniffing / analysis of application / wifi packets on my LAN
Date: Thu, 7 Oct 2010 10:37:03 +0100
To: gentoo-user@lists.gentoo.org

Hi there,

I'm interested in the activity of an application which is running on my LAN, and was wondering if anyone could offer some quick pointers on the best tools for this these days. I've played with this some years ago, but only very superficially - I think I used wireshark back then.
Ideally what I want to do is capture a big dump of the traffic over a couple of minutes (so it shouldn't be that much, right?) into a file and then analyse it afterwards based on destination IP, content &c. A couple of minutes should allow completion of at least 2 or 3 separate interactions with the server.

The network is mine, as is the device from which I'm capturing the data. I have a Belkin F5D7010 wifi card, which I think is based on a RaLink rt2x00 (rt2400 / rt2500) chipset, and I have my network's WPA key, so I think I can just set the wifi card in passive mode for sniffing. I'm pretty sure I experimented with this card in passive mode before, some years ago. Alternatively, I think I can plug the wifi access-point into my PC, bridge it to a second wired NIC and sniff what's going across the bridge (but I don't think this should be necessary).

What I'm expecting to see is some image, audio & html files &/or xml data transferred, and ideally I'd like to be able to extract it all and view it in its original format.

There's likely to be some inevitable other activity on the wLAN whilst this is happening - I'll try to minimise this, but I think the tools should be able to filter out any crap I'm not interested in, right?

I'd prefer as much as possible to use CLI tools for capturing / analysing the data.

Thanks in advance for any quick pointers you can offer,

Stroller.
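The post asks for three things once a capture file exists: break the traffic down by address, filter out the other hosts on the LAN, and pull transferred files (xml, html, images) back out in their original format. The script below is an added example written for this thread, not part of Stroller's post or any reply, showing the offline-analysis half of that in plain Python with no third-party modules. It reads the classic pcap format that tcpdump writes (assumed: little-endian file, Ethernet link type, IPv4 only), totals bytes per src/dst pair with an ignore list for hosts you are not interested in, and extracts HTTP response bodies that fit in a single TCP segment. The capture it runs on is constructed inline (addresses, the `/track.xml` request and the XML reply are all made up; checksums are left at zero), so it runs without touching a network; replace `SAMPLE_PCAP` with the contents of a real capture file to use it.

```python
"""Offline pcap analysis (added example): bytes per src/dst pair, an ignore
list for uninteresting hosts, and HTTP response bodies pulled out so they can
be written to disk in their original format. Classic pcap + Ethernet/IPv4 only."""
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4          # little-endian pcap with microsecond timestamps
LINKTYPE_ETHERNET = 1


def iter_packets(pcap_bytes):
    """Yield each captured frame from a classic pcap file (24-byte global header)."""
    magic, _vmaj, _vmin, _tz, _sig, _snap, link = struct.unpack_from("<IHHiIII", pcap_bytes, 0)
    if magic != PCAP_MAGIC or link != LINKTYPE_ETHERNET:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap_bytes):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap_bytes, off)
        off += 16
        yield pcap_bytes[off:off + incl_len]
        off += incl_len


def parse_frame(frame):
    """Decode Ethernet/IPv4/{TCP,UDP}; returns a dict, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                        # not IPv4 (ARP, IPv6, ...): skip it
    ihl = (frame[14] & 0x0F) * 4           # IP header length, usually 20
    total_len = struct.unpack_from("!H", frame, 16)[0]
    proto = frame[23]
    l4 = frame[14 + ihl:14 + total_len]
    pkt = {"src": ".".join(map(str, frame[26:30])),
           "dst": ".".join(map(str, frame[30:34])),
           "proto": proto, "sport": None, "dport": None, "payload": b""}
    if proto == 6 and len(l4) >= 20:       # TCP: data offset is the upper nibble of byte 12
        pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", l4, 0)
        pkt["payload"] = l4[(l4[12] >> 4) * 4:]
    elif proto == 17 and len(l4) >= 8:     # UDP: fixed 8-byte header
        pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", l4, 0)
        pkt["payload"] = l4[8:]
    return pkt


def summarise(pcap_bytes, ignore_hosts=()):
    """Bytes on the wire per (src, dst) pair, dropping any host in ignore_hosts."""
    totals = defaultdict(int)
    for frame in iter_packets(pcap_bytes):
        pkt = parse_frame(frame)
        if pkt is None or pkt["src"] in ignore_hosts or pkt["dst"] in ignore_hosts:
            continue
        totals[(pkt["src"], pkt["dst"])] += len(frame)
    return dict(totals)


def extract_http_bodies(pcap_bytes):
    """(server, content-type, body) for HTTP responses carried in one TCP segment.
    Responses spanning several segments need stream reassembly, left out here."""
    found = []
    for frame in iter_packets(pcap_bytes):
        pkt = parse_frame(frame)
        if pkt is None or pkt["proto"] != 6 or not pkt["payload"].startswith(b"HTTP/1."):
            continue
        head, sep, body = pkt["payload"].partition(b"\r\n\r\n")
        if not sep:
            continue                        # headers not complete in this segment
        ctype = "application/octet-stream"
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-type":
                ctype = value.strip().decode("ascii", "replace")
        found.append((pkt["src"], ctype, body))
    return found


# --- constructed sample capture (synthetic frames, checksums left at zero) ---
def make_frame(src_ip, dst_ip, proto, sport, dport, payload):
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                     proto, 0, bytes(map(int, src_ip.split("."))),
                     bytes(map(int, dst_ip.split("."))))
    return b"\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\x08\x00" + ip + l4 + payload


def build_pcap(frames):
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1286400000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


XML_BODY = b'<?xml version="1.0"?><track id="7"/>'     # made-up server reply
SAMPLE_FRAMES = [
    make_frame("192.168.1.101", "192.168.1.50", 6, 40000, 80,
               b"GET /track.xml HTTP/1.1\r\nHost: 192.168.1.50\r\n\r\n"),
    make_frame("192.168.1.50", "192.168.1.101", 6, 80, 40000,
               b"HTTP/1.1 200 OK\r\nContent-Type: text/xml\r\nContent-Length: %d\r\n\r\n"
               % len(XML_BODY) + XML_BODY),
    make_frame("192.168.1.102", "192.168.1.1", 17, 5353, 53, b"\x12\x34\x01\x00"),  # another host's noise
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    for pair, nbytes in summarise(SAMPLE_PCAP, ignore_hosts={"192.168.1.102"}).items():
        print("%s -> %s: %d bytes" % (*pair, nbytes))
    for server, ctype, body in extract_http_bodies(SAMPLE_PCAP):
        print("from %s (%s): %r" % (server, ctype, body))
```

The ignore list is the simplest answer to the "other activity on the wLAN" problem: capture everything, then drop the addresses of the hosts you know are not the device under study. The content-type that `extract_http_bodies` returns is what tells you which extension to save each body under (`text/xml`, `text/html`, `image/jpeg`, and so on) so it opens in its normal viewer.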