Wireshark-users: Re: [Wireshark-users] Yum install centos 5.2

From: Kevin Cullimore <kcullimo@xxxxxxxxxx>
Date: Sun, 11 Oct 2009 17:34:55 -0400
Mike Brandonisio wrote:
Hi,

Since I received the MAKE error, I stopped chasing that and did the yum install again.

tshark does show what appears to be traffic.

The main reason for all of this is to monitor/record HELOs/EHLOs to see what is impersonating my IP address to get me listed on CBL.

tshark is giving me data like this:

5.603672 75.XX.XX.XX -> 74.xx.xx.xx TCP 51268 > 22 [ACK] Seq=1 Ack=3185 Win=65535 Len=0 TSV=246431382 TSER=315369746

Any thoughts?
Based upon that output, it's unclear your filters are set up properly, and you may well need to display more bytes of each packet to make any headway. I've generally realized better packet-capture troubleshooting outcomes when I write the results to a file for followup analysis.
Sincerely,
Mike
--
Mike Brandonisio          *    Web Hosting / Development
Tech One Illustration     *    Internet Marketing
tel (630) 759-9283 x1001  *    e-Commerce
mbrando@xxxxxxxxxxxxxx    *    www.jikometrix.net

    JIKOmetrix - Reliable web hosting


Guy Harris wrote:
On Oct 11, 2009, at 1:21 PM, Mike Brandonisio wrote:

Is it possible I should be looking for something other than "wireshark" to execute?

No, that's the name of the executable.

What happens if you "locate tshark"? At least some RPM-based systems have, in an attempt to maximize confusion, packaged the non-GUI parts of Wireshark as "wireshark" and the GUI parts as "wireshark-gnome", or something like that; perhaps Centos 5.2 (or the version of Red Hat on which it's based) did that, so that you got the command-line TShark installed, but not the GUI Wireshark.
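As an added example, not taken from any message in this thread: the capture-to-file, filter-for-HELO/EHLO and summarise steps that Mike's goal and Kevin's reply describe, written as a small POSIX shell script. It assumes a tshark that accepts `-Y` for read filters (releases of the 2009 era spelled it `-R`), the SMTP dissector fields `smtp.req.command` and `smtp.req.parameter`, and capture rights on the interface; the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes a tshark new enough for -Y
# (older releases spelled the read filter -R) and capture rights on the interface.

# 1. Record whole packets (-s 0) on the SMTP port to a file for later analysis.
capture_smtp() {
    iface="$1"; pcap="$2"
    tshark -i "$iface" -f 'tcp port 25' -s 0 -w "$pcap"
}

# 2. Read the file back and emit one tab-separated line per HELO/EHLO:
#    epoch time, client IP, command, and the name the client announced.
extract_helo() {
    tshark -r "$1" -Y 'smtp.req.command == "HELO" || smtp.req.command == "EHLO"' \
        -T fields -e frame.time_epoch -e ip.src -e smtp.req.command -e smtp.req.parameter
}

# 3. Reduce those lines to "count<TAB>client_ip<TAB>announced_name", busiest first,
#    so a client that keeps announcing your own host name or address stands out.
summarise_helo() {
    awk 'BEGIN { FS = "\t" } NF >= 4 { n[$2 "\t" $4]++ }
         END { for (k in n) printf "%d\t%s\n", n[k], k }' | sort -rn
}

# Constructed stand-in for extract_helo output (documentation addresses only), so the
# summary can be exercised without a capture; mx.example.com plays the operator's own name.
sample_helo_lines() {
    printf '1255297234.1\t203.0.113.9\tEHLO\tmail.example.net\n'
    printf '1255297240.7\t198.51.100.4\tHELO\tmx.example.com\n'
    printf '1255297251.3\t198.51.100.4\tEHLO\tmx.example.com\n'
    printf '1255297263.0\t192.0.2.77\tEHLO\trelay.example.org\n'
}

# Usage: ./helo_watch.sh eth0 smtp.pcap   (capture, then summarise the real file)
#        ./helo_watch.sh --demo           (summarise the constructed sample)
if [ "$1" = "--demo" ]; then
    sample_helo_lines | summarise_helo
elif [ -n "$1" ] && [ -n "$2" ]; then
    capture_smtp "$1" "$2" && extract_helo "$2" | summarise_helo
fi
```

The summary is only a starting point: the name a client sends in HELO is its own claim, so the useful signal is which remote addresses keep announcing your name or address, not the name itself.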
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
