tcpdump
Aly Dharshi
aly.dharshi at telus.net
Mon Apr 23 22:47:31 UTC 2007
Hello All,
I hope that you are well. That is correct, doing what I have said on
the command line of the server will show server side stuff, you may also
want to run something like tcpdump or ethereal on your workstation and
compare/match. Unless you want to spend money to buy a commercial sniffer.
Cheers,
Aly.
David G. Miller wrote:
> This approach only captures the HTTP requests. It will not capture the
> response since the response will not be through port 80; the response to
> a request will be to some randomly assigned, non-privileged port.
>
> If you assume that most inbound traffic to non-privileged ports consists
> of HTTP responses, you could just filter out all inbound traffic to
> privileged ports (port # < 1024). Depending on what you allow users to
> do, you may also get some chat/instant messenger traffic, P2P file
> sharing, etc. This may also be of interest depending on what you're
> looking for.
>
> If you specifically need to match HTTP requests with the response, you
> may need to look into one of the commercial network monitoring
> applications. These work by capturing all traffic and matching the
> half-sessions to recreate the complete dialog. This is a much harder
> problem but these products allow the user who made a particular request
> to be identified and associated with the response.
>
> Cheers,
> Dave
>
--
Aly Dharshi
aly.dharshi at telus.net
Got TELUS TV ? 310-MYTV or http://www.mytelus.com/tv
"A good speech is like a good dress
that's short enough to be interesting
and long enough to cover the subject"
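
The half-session matching described in the quoted reply can be sketched over a text capture. This is an added example, not part of the original thread; the sample lines are constructed in the `tcpdump -n tcp` text format with documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample capture (not real traffic, not from the thread).
SAMPLE = """\
22:47:31.100000 IP 192.0.2.10.51234 > 198.51.100.5.80: Flags [P.], seq 1:120, ack 1, win 229, length 119
22:47:31.180000 IP 198.51.100.5.80 > 192.0.2.10.51234: Flags [P.], seq 1:1449, ack 120, win 235, length 1448
22:47:31.200000 IP 192.0.2.11.40022 > 198.51.100.9.80: Flags [P.], seq 1:90, ack 1, win 229, length 89
22:47:31.300000 IP 192.0.2.10.51234 > 198.51.100.5.80: Flags [.], ack 1449, win 251, length 0
22:47:31.400000 IP 198.51.100.7.6667 > 192.0.2.12.50100: Flags [P.], seq 1:40, ack 1, win 229, length 39
"""

# src.port > dst.port: ... length N  (the greedy \S+ backtracks to the last dot)
LINE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): .*length (\d+)")

def pair_half_sessions(text, server_port=80):
    """Join both directions of each connection under one key:
    (client address, client ephemeral port, server address)."""
    sessions = defaultdict(lambda: {"request_bytes": 0, "response_bytes": 0})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not TCP/IP packet summaries
        src, sport, dst, dport = m[1], int(m[2]), m[3], int(m[4])
        length = int(m[5])
        if dport == server_port:
            # client -> server half of the session
            sessions[(src, sport, dst)]["request_bytes"] += length
        elif sport == server_port:
            # server -> client half: destination is the client's ephemeral port
            sessions[(dst, dport, src)]["response_bytes"] += length
        # other traffic (chat, P2P, ...) belongs to no HTTP session here
    return dict(sessions)

def unanswered(sessions):
    """Sessions where request payload was seen but no response payload."""
    return sorted(k for k, v in sessions.items()
                  if v["request_bytes"] and not v["response_bytes"])

if __name__ == "__main__":
    for key, counts in pair_half_sessions(SAMPLE).items():
        print(key, counts)
```

A capture missing one direction, for example one taken only on the workstation side of an asymmetric route, shows up in `unanswered()`.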