tcpdump

Aly Dharshi aly.dharshi at telus.net
Mon Apr 23 22:47:31 UTC 2007


Hello All,

	I hope that you are well. That is correct, doing what I have said on 
the command line of the server will show server side stuff, you may also 
want to run something like tcpdump or ethereal on your workstation and 
compare/match. Unless you want to spend money to buy a commercial sniffer.

	Cheers,

	Aly.

David G. Miller wrote:

> This approach only captures the HTTP requests.  It will not capture the 
> response since the response will not be through port 80; the response to 
> a request will be to some randomly assigned, non-privileged port.
> 
> If you assume that most inbound traffic to non-privileged ports consists 
> of HTTP responses, you could just filter out all inbound traffic to 
> privileged ports (port # < 1024).  Depending on what you allow users to 
> do, you may also get some chat/instant messenger traffic, P2P file 
> sharing, etc.  This may also be of interest depending on what you're 
> looking for.
> 
> If you specifically need to match HTTP requests with the response, you 
> may need to look into one of the commercial network monitoring 
> applications.  These work by capturing all traffic and matching the 
> half-sessions to recreate the complete dialog.  This is a much harder 
> problem but these products allow the user who made a particular request 
> to be identified and associated with the response.
> 
> Cheers,
> Dave
> 

-- 
Aly Dharshi
aly.dharshi at telus.net
Got TELUS TV ? 310-MYTV or http://www.mytelus.com/tv

          "A good speech is like a good dress
           that's short enough to be interesting
           and long enough to cover the subject"
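
Added example, not part of the original message: one way to do the compare/match step on a saved text capture. A response leaves the server from port 80 toward the client's ephemeral port, so both halves of a connection share one address/port 4-tuple and can be paired on it. The sample lines are constructed in `tcpdump -n -tt` style, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in `tcpdump -n -tt` style (not from the original thread).
SAMPLE = """\
1177368451.000100 IP 192.168.1.10.51234 > 10.0.0.5.80: Flags [P.], seq 1:120, ack 1, win 229, length 119
1177368451.004200 IP 10.0.0.5.80 > 192.168.1.10.51234: Flags [P.], seq 1:1449, ack 120, win 227, length 1448
1177368451.004900 IP 10.0.0.5.80 > 192.168.1.10.51234: Flags [P.], seq 1449:2001, ack 120, win 227, length 552
1177368452.100000 IP 192.168.1.11.40022 > 10.0.0.5.80: Flags [P.], seq 1:88, ack 1, win 229, length 87
1177368453.000000 IP 192.168.1.10.51300 > 10.0.0.9.22: Flags [P.], seq 1:37, ack 1, win 229, length 36
"""

# Only the address pair and the trailing payload length are parsed.
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):.*?length (?P<len>\d+)"
)

def pair_half_sessions(text, server_port=80):
    """Group packets by (client, client_port, server, server_port) and
    total the payload bytes seen in each direction of that connection."""
    flows = defaultdict(lambda: {"request_bytes": 0, "response_bytes": 0})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an IPv4 line in the expected format
        sport, dport = int(m["sport"]), int(m["dport"])
        if dport == server_port:      # client -> server half
            key = (m["src"], sport, m["dst"], dport)
            flows[key]["request_bytes"] += int(m["len"])
        elif sport == server_port:    # server -> client half
            key = (m["dst"], dport, m["src"], sport)
            flows[key]["response_bytes"] += int(m["len"])
        # anything else is not traffic to or from server_port
    return dict(flows)

def unanswered(flows):
    """Connections where request payload was seen but no response payload."""
    return sorted(k for k, v in flows.items()
                  if v["request_bytes"] and not v["response_bytes"])

if __name__ == "__main__":
    for key, totals in pair_half_sessions(SAMPLE).items():
        print(key, totals)
```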



