On Oct 11, 2009, at 2:09 PM, Mike Brandonisio wrote:
Since I received the MAKE error, I stopped chasing that and did the
yum install again.
Good idea - it's simpler.
tshark does show what appears to be traffic.
So tshark is installed, but not wireshark?
Yup, Centos continues in the grand Red Hat tradition of "let's confuse
users who want the Wireshark GUI as much as we possibly can":
http://www.twistedethics.com/2008/08/06/install-and-run-wireshark-on-the-command-line-centos-52/
To install a wireshark GUI type:
yum install wireshark-gnome
let it install, then find Wireshark under Applications->Internet.
Do remember that the first time you install Wireshark you need
to run:
yum install wireshark
So, if you want Wireshark, with the GUI, try "yum install wireshark-gnome", as per the above.
The main reason for all of this is to monitor/record HELOs/EHLOs to see
what is impersonating my IP address to get me listed on CBL.
tshark is giving me data like this:
5.603672 75.xx.xx.xx -> 74.xx.xx.xx TCP 51268 > 22 [ACK] Seq=1 Ack=3185 Win=65535 Len=0 TSV=246431382 TSER=315369746
What it's giving you there is an indication that 75.xx.xx.xx sent
74.xx.xx.xx an ACK of some TCP traffic that 74.xx.xx.xx sent from port
22 - the port for SSH. If you haven't specified a capture filter,
you'll have to manually dig through tshark's output to find the SMTP
traffic.
If you want just the SMTP traffic, you'll want to check the SMTP port
- or ports, including the mail submission port, 587.
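As an added example (not part of the original thread, and not code from either poster), here is a small script that does what the reply suggests: a capture filter restricted to TCP ports 25 and 587, a display filter that keeps only the client HELO/EHLO commands, and a summary of which client IP claimed which hostname. Assumptions not in the thread: the capture interface is eth0 (override with IFACE=...), the tshark is 1.10 or later so the display filter is given with -Y (on older builds such as the CentOS 5 package, -R takes the same filter), the field names come from the Wireshark SMTP dissector (smtp.req.command, smtp.req.parameter), and only IPv4 is considered (use ipv6.src/ipv6.dst for IPv6 peers).

```shell
#!/bin/sh
# Added example: log SMTP HELO/EHLO greetings with tshark and summarise them.
# Not from the original thread. Assumptions: interface eth0 unless IFACE is set,
# tshark >= 1.10 (-Y); on older tshark use -R in place of -Y. IPv4 only.

IFACE="${IFACE:-eth0}"
LOGFILE="${LOGFILE:-greetings.log}"

# Capture filter (BPF, applied by the kernel): SMTP on 25 and the
# mail submission port 587 only, so SSH and everything else never reach tshark.
CAPTURE_FILTER='tcp port 25 or tcp port 587'

# Display filter: keep only the client's greeting command, i.e. the packet
# whose source address is the host that claims the HELO/EHLO name.
DISPLAY_FILTER='smtp.req.command == "HELO" || smtp.req.command == "EHLO"'

# One tab-separated line per greeting:
#   epoch-time  client-ip  server-ip  server-port  command  claimed-hostname
capture_greetings() {
    tshark -l -i "$IFACE" -f "$CAPTURE_FILTER" -Y "$DISPLAY_FILTER" \
        -T fields -e frame.time_epoch -e ip.src -e ip.dst -e tcp.dstport \
        -e smtp.req.command -e smtp.req.parameter
}

# Summarise lines in the above format (from stdin) into
#   count  client-ip  claimed-hostname
# sorted by count, descending, so a host greeting with your name stands out.
summarize_greetings() {
    awk -F'\t' 'NF >= 6 { key = $2 "\t" $6; n[key]++ }
                END { for (k in n) printf "%d\t%s\n", n[k], k }' |
    sort -rn
}

case "${1:-}" in
    --live)    capture_greetings | tee -a "$LOGFILE" ;;   # run until Ctrl-C
    --summary) summarize_greetings < "$LOGFILE" ;;
esac
```

Run it as `sh greetings.sh --live` on the mail server (root or capture privileges needed), let it collect for a while, then `sh greetings.sh --summary`; any client IP that keeps presenting your hostname or address in its greeting is the one to look at. The two ports in the capture filter are the ones the reply names; if the server also listens for SMTPS on 465, add `or tcp port 465`, bearing in mind the greeting inside a TLS session will not be visible to the dissector.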