John Summerfield wrote:
> tcpdump -i eth1 -w /tmp/trace -s 9999 port 53
> After a while,
> ^C
> then
> tcpdump -r /tmp/trace <and whatever the man page suggests and you find attractive> | less

Looking at port 53 produced nothing in half an hour with only tcpdump
running so I assume wireshark or iptraf was causing the dns messages.
However I can see a lot of data if I don't limit it to a particular
port. Interpreting the data is another matter.

Apparently eth1 is a slow NIC but that's ok for what I'm doing ... It
seems to me I should be able to stir up some activity with another
computer, this one [box6], and see something happen in the tcpdump data
stream [on box10]. How can I identify data for my system? Presumably
most of what I am seeing is data directed at other subscribers.

So I've got all this data and don't know how to deal with it. Any help
appreciated.

tcpdump -r /tmp/trace
reading from file /tmp/trace, link-type EN10MB (Ethernet)
14:48:00.580934 arp who-has 75.105.105.75 tell 75.105.105.1
14:48:00.581241 arp who-has 75.105.105.75 tell 75.105.105.1
14:48:05.034887 arp who-has 70.41.113.158 tell 70.41.112.1
14:48:05.035318 arp who-has 70.41.113.158 tell 70.41.112.1
14:48:06.038873 arp who-has 70.41.150.136 tell 70.41.148.1
14:48:06.039296 arp who-has 70.41.150.136 tell 70.41.148.1
14:48:08.399597 arp who-has 72.173.246.50 tell 72.173.244.1
14:48:08.400263 arp who-has 72.173.246.50 tell 72.173.244.1
14:48:09.448529 arp who-has 72.173.22.133 tell 72.173.20.1
14:48:09.449413 arp who-has 72.173.22.133 tell 72.173.20.1
14:48:10.668593 arp who-has 70.41.115.191 tell 70.41.112.1
14:48:10.669371 arp who-has 70.41.115.191 tell 70.41.112.1
14:48:13.233549 arp who-has 72.173.245.14 tell 72.173.244.1
14:48:13.234232 arp who-has 72.173.245.14 tell 72.173.244.1
14:48:15.694350 arp who-has 70.41.114.251 tell 70.41.112.1
14:48:15.694784 arp who-has 70.41.114.251 tell 70.41.112.1
14:48:17.243791 arp who-has 70.41.114.44 tell 70.41.112.1
14:48:17.244236 arp who-has 70.41.114.44 tell 70.41.112.1
14:48:19.063647 arp who-has 10.9.226.129 tell 70.41.148.1
Bob Goodwin
--
fedora-list mailing list
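
An added example, not part of the original message: a small Python filter for tcpdump's text output that separates the lines naming one address from the background ARP requests and counts who is sending those requests. The sample lines and the address 192.0.2.10 are constructed placeholders, and it assumes numeric output such as `tcpdump -n -r /tmp/trace` produces.

```python
import re
from collections import Counter

# Constructed sample in the same text format as the trace above; every
# address is a documentation-range placeholder, not a value from the post.
SAMPLE = """\
14:48:00.580934 arp who-has 198.51.100.75 tell 198.51.100.1
14:48:00.581241 arp who-has 198.51.100.75 tell 198.51.100.1
14:48:05.034887 arp who-has 203.0.113.158 tell 203.0.113.1
14:48:07.120001 arp who-has 192.0.2.10 tell 192.0.2.1
14:48:07.120950 arp reply 192.0.2.10 is-at 00:00:5e:00:53:01
14:48:07.300412 IP 192.0.2.10.40112 > 192.0.2.53.53: 4660+ A? example.org. (29)
14:48:07.391200 IP 192.0.2.53.53 > 192.0.2.10.40112: 4660 1/0/0 A 192.0.2.80 (45)
"""

# A dotted quad that is not the tail of a longer number; a trailing ".port"
# (as in 192.0.2.10.40112) is left out of the match.
ADDR = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\d)")
ARP_REQ = re.compile(r"arp who-has (\S+) tell (\S+)")


def addresses(line):
    """IPv4 addresses in the header part of one tcpdump text line."""
    header = line.split(": ", 1)[0]  # drop the payload summary (e.g. DNS answers)
    return set(ADDR.findall(header))


def split_trace(text, my_ip):
    """Return (mine, other): lines naming my_ip as an address, and the rest."""
    mine, other = [], []
    for line in text.splitlines():
        if line.strip():
            (mine if my_ip in addresses(line) else other).append(line)
    return mine, other


def arp_askers(lines):
    """Count ARP requests per requesting ("tell") address."""
    return Counter(m.group(2) for m in map(ARP_REQ.search, lines) if m)


if __name__ == "__main__":
    mine, other = split_trace(SAMPLE, "192.0.2.10")  # hypothetical own address
    print("\n".join(mine))
    print(arp_askers(other).most_common())
```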