Hi

While I was working on Solaris (which in many ways was a terrible
experience), there was one thing I really liked: the output from 'snoop'
was clear and readable. I was wondering if there is a tool in Linux that
does the same (or a combination of tools). The only drawback is that it
has to be command line (I don't want to launch Ethereal to see a
formatted output).

Here is the output from snoop and tcpdump running the same script that
sends mail:

-----------------
snoop:
# snoop host 212.179.78.146
Using device /dev/hme (promiscuous mode)
    coltrane -> bzq-179-78-146.cust.bezeqint.net SMTP C port=46787
bzq-179-78-146.cust.bezeqint.net -> coltrane     SMTP R port=46787
    coltrane -> bzq-179-78-146.cust.bezeqint.net SMTP C port=46787
bzq-179-78-146.cust.bezeqint.net -> coltrane     SMTP R port=46787 220 mail-relay.winte
    coltrane -> bzq-179-78-146.cust.bezeqint.net SMTP C port=46787
    coltrane -> bzq-179-78-146.cust.bezeqint.net SMTP C port=46787 HELO localhost\r\n
bzq-179-78-146.cust.bezeqint.net -> coltrane     SMTP R port=46787
bzq-179-78-146.cust.bezeqint.net -> coltrane     SMTP R port=46787 250 mail-relay.winte
    coltrane -> bzq-179-78-146.cust.bezeqint.net SMTP C port=46787 mail from: <haim@con
bzq-179-78-146.cust.bezeqint.net -> coltrane     SMTP R port=46787 250 ok\r\n
    coltrane -> bzq-179-78-146.cust.bezeqint.net SMTP C port=46787 rcpt to: <lior@winte
bzq-179-78-146.cust.bezeqint.net -> coltrane     SMTP R port=46787 250 ok\r\n
    coltrane -> bzq-179-78-146.cust.bezeqint.net SMTP C port=46787 data\r\n
bzq-179-78-146.cust.bezeqint.net -> coltrane     SMTP R port=46787 354 go ahead\r\n
    coltrane -> bzq-179-78-146.cust.bezeqint.net SMTP C port=46787 Mime-version: 1.0\r\n
bzq-179-78-146.cust.bezeqint.net -> coltrane     SMTP R port=46787
    coltrane -> bzq-179-78-146.cust.bezeqint.net SMTP C port=46787 Content-type: text/p
bzq-179-78-146.cust.bezeqint.net -> coltrane     SMTP R port=46787
bzq-179-78-146.cust.bezeqint.net -> coltrane     SMTP R port=46787 250 ok 1041886186 qp
    coltrane -> bzq-179-78-146.cust.bezeqint.net SMTP C port=46787 quit\r\n
cont...

----------------------------
tcpdump:

10:52:47.720580 parker.haim.org.42384 > bzq-179-78-146.cust.bezeqint.net.smtp: S 3945052066:3945052066(0) win 5840 <mss 1460,sackOK,timestamp 29253754 0,nop,wscale 0> (DF)
10:52:47.780627 bzq-179-78-146.cust.bezeqint.net.smtp > parker.haim.org.42384: S 1695099701:1695099701(0) ack 3945052067 win 5792 <mss 1460,sackOK,timestamp 8229409 29253754,nop,wscale 0> (DF)
10:52:47.780691 parker.haim.org.42384 > bzq-179-78-146.cust.bezeqint.net.smtp: . ack 1 win 5840 <nop,nop,timestamp 29253760 8229409> (DF)
10:52:47.850070 bzq-179-78-146.cust.bezeqint.net.smtp > parker.haim.org.42384: P 1:38(37) ack 1 win 5792 <nop,nop,timestamp 8229416 29253760> (DF)
10:52:47.851949 parker.haim.org.42384 > bzq-179-78-146.cust.bezeqint.net.smtp: . ack 38 win 5840 <nop,nop,timestamp 29253767 8229416> (DF)
10:52:47.853843 parker.haim.org.42384 > bzq-179-78-146.cust.bezeqint.net.smtp: P 1:17(16) ack 38 win 5840 <nop,nop,timestamp 29253768 8229416> (DF)
10:52:47.917565 bzq-179-78-146.cust.bezeqint.net.smtp > parker.haim.org.42384: . ack 17 win 5792 <nop,nop,timestamp 8229423 29253768> (DF)
10:52:47.928923 bzq-179-78-146.cust.bezeqint.net.smtp > parker.haim.org.42384: P 38:69(31) ack 17 win 5792 <nop,nop,timestamp 8229423 29253768> (DF)
10:52:47.930488 parker.haim.org.42384 > bzq-179-78-146.cust.bezeqint.net.smtp: P 17:49(32) ack 69 win 5840 <nop,nop,timestamp 29253775 8229423> (DF)
10:52:47.990429 bzq-179-78-146.cust.bezeqint.net.smtp > parker.haim.org.42384: P 69:77(8) ack 49 win 5792 <nop,nop,timestamp 8229430 29253775> (DF)
10:52:47.992133 parker.haim.org.42384 > bzq-179-78-146.cust.bezeqint.net.smtp: P 49:81(32) ack 77 win 5840 <nop,nop,timestamp 29253781 8229430> (DF)
10:52:48.050677 bzq-179-78-146.cust.bezeqint.net.smtp > parker.haim.org.42384: P 77:85(8) ack 81 win 5792 <nop,nop,timestamp 8229436 29253781> (DF)
10:52:48.052481 parker.haim.org.42384 > bzq-179-78-146.cust.bezeqint.net.smtp: P 81:87(6) ack 85 win 5840 <nop,nop,timestamp 29253787 8229436> (DF)
10:52:48.111302 bzq-179-78-146.cust.bezeqint.net.smtp > parker.haim.org.42384: P 85:99(14) ack 87 win 5792 <nop,nop,timestamp 8229443 29253787> (DF)
10:52:48.113148 parker.haim.org.42384 > bzq-179-78-146.cust.bezeqint.net.smtp: P 87:106(19) ack 99 win 5840 <nop,nop,timestamp 29253793 8229443> (DF)
10:52:48.199553 bzq-179-78-146.cust.bezeqint.net.smtp > parker.haim.org.42384: . ack 106 win 5792 <nop,nop,timestamp 8229452 29253793> (DF)
cont...

Any ideas?

thanx
-- 
Haim

