Unofficial empeg BBS

#106796 - 23/07/2002 14:47 tcpdump
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
I compiled up a copy of the packet sniffer tcpdump for the empeg. Could be useful for some troubleshooting, conceivably. Anyway, I didn't test it a lot, but it seemed to work for me. YMMV.

I submitted it to riocar.org, but until it shows up, here it is.
_________________________
Bitt Faulk

#106797 - 24/07/2002 05:59 Re: tcpdump [Re: wfaulk]
tonyc
carpal tunnel

Registered: 27/06/1999
Posts: 7058
Loc: Pittsburgh, PA
Cool. My boss always joked that I could use it as a portable packet sniffer, and now it's a reality.

Being able to watch the packets flash across the Empeg's screen would be pretty fun too.
_________________________
- Tony C
my empeg stuff

#106798 - 24/07/2002 07:23 Re: tcpdump [Re: tonyc]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5683
Loc: London, UK
I used my mk2 as a packet-sniffer when trying to debug the DHCP server in the Central. I couldn't get tcpdump to actually parse the packets properly -- some kind of alignment issue, I guess. Presumably that works now? So I captured the packets to a file and then viewed them in ethereal on a Linux box.

BTW, Ethereal on Win32 actually works. Which came as quite a shock to me when I tried it recently.
_________________________
-- roger

#106799 - 24/07/2002 16:40 Re: tcpdump [Re: Roger]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
You know, I didn't really look to see if it parsed everything correctly or not. I just needed it to see if there was more data than I was expecting, not exactly what the data was.

And Win32 Ethereal works about half the time in my experience. That is, on about half the computers I try. I think there's the potential for conflict with the NIC drivers.
_________________________
Bitt Faulk

#106800 - 25/07/2002 02:01 Re: tcpdump [Re: wfaulk]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5683
Loc: London, UK
It probably did -- the failure mode in my case was that it would segfault when attempting to parse the headers.

And I've not tried Ethereal on that many Win32 boxen, so my sample size is very small.
_________________________
-- roger

#106801 - 25/07/2002 12:26 Re: tcpdump [Re: tonyc]
leftyfb
enthusiast

Registered: 04/03/2002
Posts: 217
Loc: Lowell, MA
There any way someone could add the ability to view the output of this on the screen and also add it to the hijack menu?

Well of course there's a way, there always is, guess the real question is, will someone please do this??

BTW, I'm a cable/network monkey, not a code monkey, or else I'd figure this out on my own.
_________________________
Mk2a 30GB Blue. Serial 030102999

#106802 - 25/07/2002 12:33 Re: tcpdump [Re: leftyfb]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
You just want a portable sniffer, don't you? Cheap bastard.
_________________________
Bitt Faulk

#106803 - 25/07/2002 12:52 Re: tcpdump [Re: wfaulk]
leftyfb
enthusiast

Registered: 04/03/2002
Posts: 217
Loc: Lowell, MA
Like I said, I'm a network monkey (a.k.a. Network Administrator) ... of course I do.
_________________________
Mk2a 30GB Blue. Serial 030102999

#106804 - 25/07/2002 18:32 Re: tcpdump [Re: leftyfb]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14496
Loc: Canada
Easy enough to do that. Just write a filter to take stdin (from tcpdump's stdout) and write it to a scrolling display using the Hijack ioctls(). Maybe 30 lines of code, tops.

-ml

#106805 - 25/07/2002 19:17 Re: tcpdump [Re: mlord]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
The problem is being able to pass appropriate command line arguments to it, and even if you narrow it way down, it's likely to scroll past the empeg's small screen before you can really see what you're looking for.

Otherwise, you're 100% correct.
_________________________
Bitt Faulk

#106806 - 26/07/2002 00:53 Re: tcpdump [Re: Roger]
wfaulk
carpal tunnel

Registered: 25/12/2000
Posts: 16706
Loc: Raleigh, NC US
Looks like everything's working fine. What sort of parsing errors were you getting?
_________________________
Bitt Faulk

#106807 - 26/07/2002 01:33 Re: tcpdump [Re: wfaulk]
Roger
carpal tunnel

Registered: 18/01/2000
Posts: 5683
Loc: London, UK
Segfaults, mostly. I'll try it again with a fresh build of tcpdump, and see what happens. Probably not any time soon -- I can't see myself needing it for a while.
_________________________
-- roger

#106808 - 26/07/2002 06:52 Re: tcpdump [Re: wfaulk]
mlord
carpal tunnel

Registered: 29/08/2000
Posts: 14496
Loc: Canada
People have already implemented text-file scrollers, and one could either adapt that code for stdin, or just add another 10-15 lines to do it from scratch.

Cheers

#106809 - 26/07/2002 17:22 Re: tcpdump [Re: mlord]
andy
carpal tunnel

Registered: 10/06/1999
Posts: 5916
Loc: Wivenhoe, Essex, UK
Someone will be asking Toby for visuals to interpret tcpdump traffic next...
_________________________
Remind me to change my signature to something more interesting someday

#106810 - 26/07/2002 17:32 Re: tcpdump [Re: andy]
mcomb
pooh-bah

Registered: 31/08/1999
Posts: 1649
Loc: San Carlos, CA
Hmmm, I always liked that X11 screensaver that displayed ping times with a radar screen sweep.
_________________________
EmpMenuX - ext3 filesystem - Empeg iTunes integration

#106811 - 27/07/2002 11:31 Re: tcpdump [Re: andy]
smu
old hand

Registered: 30/07/2000
Posts: 879
Loc: Germany (Ruhrgebiet)
Well, Matrix comes to mind ;-) Would seem just right, right?

cu,
sven
_________________________
proud owner of MkII 40GB & MkIIa 60GB both lit by God and HiJacked by Lord

#106812 - 29/07/2002 05:27 Re: tcpdump [Re: smu]
frog51
pooh-bah

Registered: 09/08/2000
Posts: 2091
Loc: Edinburgh, Scotland
And we're back here again
_________________________
Rory
MkIIa, blue lit buttons, memory upgrade, 1Tb in Subaru Forester STi
MkII, 240Gb in Mark Lord dock
MkII, 80Gb SSD in dock
