Wireshark-users: Re: [Wireshark-users] Yum install centos 5.2

From: Mike Brandonisio <mbrando@xxxxxxxxxxxxxx>
Date: Sun, 11 Oct 2009 16:45:10 -0500
Hi,

I'll have to see about how to do that. I've been testing on screen so I can see what is getting captured. Later I'll record to a file to review.
Sincerely,
Mike
-- 
Mike Brandonisio          *    Web Hosting / Development
Tech One Illustration     *    Internet Marketing
tel (630) 759-9283 x1001  *    e-Commerce
mbrando@xxxxxxxxxxxxxx    *    www.jikometrix.net

    JIKOmetrix - Reliable web hosting


Kevin Cullimore wrote:
Mike Brandonisio wrote:
Hi,

Since I received the MAKE error, I stopped chasing that and did the yum 
install again.

tshark does show what appears to be traffic.

The main reason for all of this is to monitor/record HELOs/EHLOs to see 
what is impersonating my IP address to get me listed on CBL.

tshark is giving me data like this:

5.603672 75.XX.XX.XX -> 74.xx.xx.xx TCP 51268 > 22 [ACK] Seq=1 
Ack=3185 Win=65535 Len=0 TSV=246431382 TSER=315369746

Any thoughts?
Based upon that output, it's unclear your filters are set up properly, 
and you may well need to display more bytes of each packet to make any 
headway. I've generally realized better packet-capture troubleshooting 
outcomes when I write the results to a file for followup analysis.
Sincerely,
Mike
-- 
Mike Brandonisio          *    Web Hosting / Development
Tech One Illustration     *    Internet Marketing
tel (630) 759-9283 x1001  *    e-Commerce
mbrando@xxxxxxxxxxxxxx    *    www.jikometrix.net

    JIKOmetrix - Reliable web hosting


Guy Harris wrote:
On Oct 11, 2009, at 1:21 PM, Mike Brandonisio wrote:

Is it possible I should be looking for something other than  
"wireshark" to execute?
No, that's the name of the executable.

What happens if you "locate tshark"?  At least some RPM-based systems  
have, in an attempt to maximize confusion, packaged the non-GUI parts  
of Wireshark as "wireshark" and the GUI parts as "wireshark-gnome", or  
something like that; perhaps Centos 5.2 (or the version of Red Hat on  
which it's based) did that, so that you got the command-line TShark  
installed, but not the GUI Wireshark.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
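A worked example for the problem discussed in this thread (added here; it is not code from any of the posters or from the Wireshark project). The tshark line quoted above is a TCP segment to port 22 (SSH), so no capture filter was narrowing the trace to mail traffic. The usual workflow Kevin describes is to capture only port 25 to a file and analyse it afterwards, for instance `tshark -i eth0 -f 'tcp port 25' -w smtp.pcap`, then pull out just the greetings with `tshark -r smtp.pcap -Y 'smtp.req.command == "HELO" || smtp.req.command == "EHLO"' -T fields -e frame.time_epoch -e ip.src -e ip.dst -e smtp.req.command -e smtp.req.parameter` (on tshark releases older than 1.10 the display-filter option is `-R` rather than `-Y`; `smtp.req.command` and `smtp.req.parameter` are the dissector's field names). The script below reads that tab-separated field output and flags remote clients whose HELO/EHLO argument is one of the server's own addresses or hostnames, which is one concrete reading of "impersonating my IP address". The sample lines, the interface name, and the `OWN_ADDRESSES`/`OWN_NAMES` values are constructed assumptions, not data from the list.

```python
"""Parse tshark '-T fields' output for SMTP HELO/EHLO greetings and flag
clients that greet with the receiving server's own name or address.

Added example: the sample lines and the OWN_* values are constructed,
not captured from the poster's server. Assumed producer command:

  tshark -r smtp.pcap \
    -Y 'smtp.req.command == "HELO" || smtp.req.command == "EHLO"' \
    -T fields -e frame.time_epoch -e ip.src -e ip.dst \
    -e smtp.req.command -e smtp.req.parameter
"""
import ipaddress
from collections import Counter

# Constructed sample output, tab separated: epoch, src, dst, command, parameter.
SAMPLE = """\
1255297510.12\t203.0.113.7\t192.0.2.10\tEHLO\tmail.example.net
1255297511.40\t198.51.100.23\t192.0.2.10\tHELO\t192.0.2.10
1255297512.03\t203.0.113.9\t192.0.2.10\tEHLO\t[192.0.2.10]
1255297513.77\t198.51.100.5\t192.0.2.10\tHELO\tmx.example.com
1255297514.01\t203.0.113.7\t192.0.2.10\tEHLO\tmail.example.net
"""

OWN_ADDRESSES = {"192.0.2.10"}      # assumed: the mail server's own public IP(s)
OWN_NAMES = {"mx.example.com"}      # assumed: hostnames the mail server answers to


def parse_fields(text):
    """Yield (src, dst, command, parameter) for each HELO/EHLO line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) < 5:
            continue  # truncated line or a packet with an empty field
        _ts, src, dst, cmd, param = parts[:5]
        if cmd.upper() in ("HELO", "EHLO"):
            yield src, dst, cmd.upper(), param.strip()


def claimed_identity(param):
    """Normalise the greeting argument: lower-case, strip [] around address literals."""
    ident = param.strip()
    if ident.startswith("[") and ident.endswith("]"):
        ident = ident[1:-1]
    return ident.lower()


def is_spoofing_us(param, own_addresses=OWN_ADDRESSES, own_names=OWN_NAMES):
    """True when a client greets with one of our own addresses or hostnames."""
    ident = claimed_identity(param)
    if ident in {n.lower() for n in own_names}:
        return True
    try:
        # Canonicalise so '192.000.002.010'-style spellings still match.
        return str(ipaddress.ip_address(ident)) in own_addresses
    except ValueError:
        return False  # not an IP literal, and not one of our names


def find_impersonators(text, own_addresses=OWN_ADDRESSES, own_names=OWN_NAMES):
    """Return {source_ip: count} of greetings that claimed to be this server."""
    hits = Counter()
    for src, _dst, _cmd, param in parse_fields(text):
        if is_spoofing_us(param, own_addresses, own_names):
            hits[src] += 1
    return dict(hits)


if __name__ == "__main__":
    for src, n in sorted(find_impersonators(SAMPLE).items()):
        print(f"{src} greeted as us {n} time(s)")
```

Run it against real output by replacing `SAMPLE` with the contents of the tshark command's stdout; the source IPs it reports are the hosts worth correlating with the CBL listing, since a client greeting with your own address or hostname is not a legitimate peer.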