Ethereal-users: Re: [Ethereal-users] Detecting inbound vs. outbound traffic

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Mon, 28 May 2001 13:04:43 -0700
On Mon, May 28, 2001 at 01:48:38PM +0200, Kaspar Landsberg wrote:
> I am using tethereal for capturing and analyzing network traffic. When
> tethereal captures a packet which it recognizes as a pre-defined protocol
> (like FTP DATA, HTTP, ICQ, etc.), it prints out a line such as this one
> (I am using an outdated version of tethereal):
> 
> frame=820;size=1039;time=0.304820;source=IP;destination=IP;proto=HTTP;

Which version of Tethereal is that, and who modified it to print out
lines such as that?  The standard version doesn't print anything such as
that - it prints stuff such as

 70   6.996000 {source IP} -> {destination IP} HTTP GET / HTTP/1.0

when run without "-V", and stuff such as

Frame 70 (350 on wire, 350 captured)
    Arrival Time: Jan 22, 1999 22:07:24.8660
    Time delta from previous packet: 0.003000 seconds
    Time relative to first packet: 6.996000 seconds
    Frame Number: 70
    Packet Length: 350 bytes
    Capture Length: 350 bytes
Ethernet II
    Destination: {destination Ethernet} ({destination Ethernet})
    Source: {source Ethernet} ({source Ethernet})
    Type: IP (0x0800)
Internet Protocol, Src Addr: {source IP} ({source IP}), Dst Addr: {destination IP} ({destination IP})
    Version: 4
    Header length: 20 bytes
    Type of service: 0x10 (Minimize delay)
        000. .... = Precedence: routine (0)
        ...1 .... = Delay: Low
        .... 0... = Throughput: Normal
        .... .0.. = Reliability: Normal
        .... ..0. = Cost: Normal
    Total Length: 336
    Identification: 0xd28b
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x4905 (correct)
    Source: {source IP} ({source IP})
    Destination: {destination IP} ({destination IP})
Transmission Control Protocol, Src Port: 1819 (1819), Dst Port: 80 (80), Seq: 50671, Ack: 88167788
    Source port: 1819 (1819)
    Destination port: 80 (80)
    Sequence number: 50671
    Next sequence number: 50967
    Acknowledgement number: 88167788
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 8736
    Checksum: 0xb6f5 (correct)
Hypertext Transfer Protocol
    GET / HTTP/1.0\r\n
    Connection: Keep-Alive\r\n
    User-Agent: Mozilla/4.5 [en] (WinNT; I)\r\n
    Host: www.altavista.com\r\n
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\n
    Accept-Encoding: gzip\r\n
    Accept-Language: en\r\n
    Accept-Charset: iso-8859-1,*,utf-8\r\n
    Cookie: AV_UID=d40921d4404a84\r\n
    \r\n

when run with "-V".

> Is there a way to make tethereal differ in general between inbound and
> outbound traffic, relative to a given IP subnet maybe?

No, there isn't.
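As an added illustration (not part of this thread and not Tethereal's own code): since Tethereal has no notion of inbound versus outbound, the direction can be derived afterwards from the one-line summary format quoted above by checking which side of the arrow falls inside a given subnet. It assumes Tethereal was run with `-n` so that the addresses are literal IPs rather than resolved names; the sample lines and the 192.0.2.0/24 subnet are constructed.

```python
import ipaddress
import re

# One-line (no "-V") Tethereal summary format quoted in the reply above:
#   <frame>  <time>  <src> -> <dst>  <proto>  <info>
SUMMARY_RE = re.compile(
    r"^\s*(?P<frame>\d+)\s+(?P<time>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+"
    r"(?P<dst>\S+)\s+(?P<proto>\S+)\s*(?P<info>.*)$"
)

def direction(src, dst, subnet):
    """Classify one packet relative to `subnet` (an ipaddress network)."""
    try:
        src_in = ipaddress.ip_address(src) in subnet
        dst_in = ipaddress.ip_address(dst) in subnet
    except ValueError:
        # Not an IP literal: a MAC address (ARP lines) or a resolved
        # hostname if tethereal was run without "-n".
        return "non-ip"
    if src_in and dst_in:
        return "internal"
    if src_in:
        return "outbound"
    if dst_in:
        return "inbound"
    return "transit"  # neither end is ours (e.g. seen on a mirror port)

def tag_summary_lines(lines, cidr):
    """Return (frame, direction, proto) for each summary line in `lines`."""
    subnet = ipaddress.ip_network(cidr, strict=False)
    tagged = []
    for line in lines:
        m = SUMMARY_RE.match(line)
        if not m:
            continue  # not a summary line (e.g. "-V" detail output)
        tagged.append((int(m["frame"]), direction(m["src"], m["dst"], subnet), m["proto"]))
    return tagged

# Constructed sample output using documentation addresses, not a real capture.
SAMPLE_LINES = [
    " 70   6.996000 192.0.2.10 -> 198.51.100.5 HTTP GET / HTTP/1.0",
    " 71   6.999000 198.51.100.5 -> 192.0.2.10 HTTP HTTP/1.0 200 OK",
    " 72   7.001000 192.0.2.10 -> 192.0.2.20 ICMP Echo (ping) request",
    " 73   7.002000 203.0.113.9 -> 198.51.100.5 TCP 1025 > 80 [SYN]",
    " 74   7.003000 00:0c:29:aa:bb:cc -> ff:ff:ff:ff:ff:ff ARP Who has 192.0.2.1?",
]

if __name__ == "__main__":
    for frame, d, proto in tag_summary_lines(SAMPLE_LINES, "192.0.2.0/24"):
        print(f"frame={frame} direction={d} proto={proto}")
```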