Hello,
i am using tethereal for capturing and analyzing network traffic. when
tethereal captures a packet which it recognizes as a pre-defined protocol
(like FTP DATA, HTTP, ICQ, etc.), it prints out a line such as this one
(i am using an outdated version of tethereal):
frame=820;size=1039;time=0.304820;source=IP;destination=IP;proto=HTTP;
now, when it doesn't recognize the used protocol, it prints out a similar
line but which always contains either "proto=TCP" or "proto=UDP" and
additionally also contains a section called "info= src port > dst port
...".
my problem is that i'd like to know for all the protocols recognized by
tethereal (such as HTTP, FTP, FTP DATA, etc.) whether the captured traffic
is incoming or outgoing traffic. but since there is no "info=" field
indicating the source and destination port, this is impossible, as far as
i can tell.
is there a way to make tethereal differ in general between inbound and
outbound traffic, relative to a given IP subnet maybe?
(like saying: "consider all IPs outside 192.168.*.* as remote and show me
the corresponding incoming and outgoing traffic.")
any help would be appreciated.
Bye, Kaspar
PS: please CC me any relevant replies since i am not on this list.
--
Kaspar Landsberg, <kl@xxxxxxxx>
Four
Lines
Suffice.
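
Added example, not part of the original message and not tethereal's own code: one way to get the inbound/outbound split asked about above is to post-process the output lines and compare the source and destination addresses against the local subnet. It assumes the `key=value;` layout of the line quoted in the message, with real addresses in `source=` and `destination=`; the function names and the sample lines are constructed for illustration.

```python
import ipaddress

# "192.168.*.*" from the message, written as a CIDR network.
LOCAL_NET = ipaddress.ip_network("192.168.0.0/16")

def parse_line(line):
    """Split one 'key=value;key=value;' output line into a dict."""
    fields = {}
    for part in line.strip().split(";"):
        if part:
            key, _, value = part.partition("=")
            fields[key.strip()] = value.strip()
    return fields

def direction(fields, local_net=LOCAL_NET):
    """Classify a frame relative to local_net by its two addresses."""
    src_local = ipaddress.ip_address(fields["source"]) in local_net
    dst_local = ipaddress.ip_address(fields["destination"]) in local_net
    if src_local and dst_local:
        return "internal"   # both ends inside the subnet
    if src_local:
        return "outgoing"
    if dst_local:
        return "incoming"
    return "external"       # neither end is local

def summarize(lines, local_net=LOCAL_NET):
    """Return {(proto, direction): [frame_count, total_bytes]}."""
    totals = {}
    for line in lines:
        if not line.strip():
            continue
        fields = parse_line(line)
        key = (fields["proto"], direction(fields, local_net))
        entry = totals.setdefault(key, [0, 0])
        entry[0] += 1
        entry[1] += int(fields["size"])
    return totals

# Constructed sample lines; documentation addresses stand in for remote hosts.
SAMPLE = [
    "frame=820;size=1039;time=0.304820;source=203.0.113.7;destination=192.168.1.20;proto=HTTP;",
    "frame=821;size=60;time=0.305101;source=192.168.1.20;destination=203.0.113.7;proto=HTTP;",
    "frame=822;size=1500;time=0.310442;source=192.168.1.20;destination=198.51.100.9;proto=FTP DATA;",
    "frame=823;size=74;time=0.311900;source=192.168.1.20;destination=192.168.1.1;proto=UDP;info=1034 > 53;",
]

if __name__ == "__main__":
    for (proto, way), (frames, size) in sorted(summarize(SAMPLE).items()):
        print(f"{proto:10} {way:9} frames={frames} bytes={size}")
```

Because the classification uses only the address fields, it works the same for lines with and without an `info=` section.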