If anyone is interested in solving this I am prepared to compensate for
their time.
It doesn't have to be "clean" solution - we need something that works.
Please contact me off list if interested.
Justin.
-------------------
I am working with tethereal to sniff IPX traffic on a logging server
attached in front of a Netware 4 server. What we were hoping to achieve
is to capture the first part of the packets so we would have an
independent system logging file access on the server.
Everything is working ok but it seems we can't both decode NCP traffic
while at the same time limiting the size of the packets captured.
This is the command we have been working with...
tethereal -i dc0 -q -s 64 -x -F ngwsniffer_2_0 -w /usr/ipx64.cap &
What we want to mimic is an "ngrep" type effect where we can decode the
traffic and capture just enough of the packet to know the originating
address and the file they were viewing. The problem is that it seems if
we decode the traffic it wants to capture the entire packet and we are
getting GB's of traffic logged each day.
Any ideas?
Thanks,
Justin.