tcpdump

Posted by: wfaulk

tcpdump - 23/07/2002 14:47

I compiled up a copy of the packet sniffer tcpdump for the empeg. Could be useful for some troubleshooting, conceivably. Anyway, I didn't test it a lot, but it seemed to work for me. YMMV.

I submitted it to riocar.org, but until it shows up, here it is.
Posted by: tonyc

Re: tcpdump - 24/07/2002 05:59

Cool. My boss always joked that I could use it as a portable packet sniffer, and now it's a reality.

Being able to watch the packets flash across the Empeg's screen would be pretty fun too.
Posted by: Roger

Re: tcpdump - 24/07/2002 07:23

I used my mk2 as a packet-sniffer when trying to debug the DHCP server in the Central. I couldn't get tcpdump to actually parse the packets properly -- some kind of alignment issue, I guess. Presumably that works now? So I captured the packets to a file and then viewed them in Ethereal on a Linux box.

BTW, Ethereal on Win32 actually works. Which came as quite a shock to me when I tried it recently.
Posted by: wfaulk

Re: tcpdump - 24/07/2002 16:40

You know, I didn't really look to see if it parsed everything correctly or not. I just needed it to see if there was more data than I was expecting, not exactly what the data was.

And Win32 Ethereal works about half the time in my experience. That is, on about half the computers I try. I think there's the potential for conflict with the NIC drivers.
Posted by: Roger

Re: tcpdump - 25/07/2002 02:01

It probably did -- the failure mode in my case was that it would segfault when attempting to parse the headers.

And I've not tried Ethereal on that many Win32 boxen, so my sample size is very small.
Posted by: leftyfb

Re: tcpdump - 25/07/2002 12:26

There any way someone could add the ability to view the output of this on the screen and also add it to the hijack menu?

Well of course there's a way, there always is, guess the real question is, will someone please do this??

btw, I'm a cable/network monkey, not a code monkey, or else I'd figure this out on my own
Posted by: wfaulk

Re: tcpdump - 25/07/2002 12:33

You just want a portable sniffer, don't you? Cheap bastard.
Posted by: leftyfb

Re: tcpdump - 25/07/2002 12:52

Like I said, I'm a network monkey (a.k.a. Network Administrator) .... of course I do
Posted by: mlord

Re: tcpdump - 25/07/2002 18:32

Easy enough to do that. Just write a filter to take stdin (from tcpdump's stdout) and write it to a scrolling display using the Hijack ioctls(). Maybe 30 lines of code, tops.

-ml
Posted by: wfaulk

Re: tcpdump - 25/07/2002 19:17

The problem is being able to pass appropriate command line arguments to it, and even if you narrow it way down, it's likely to scroll past the empeg's small screen before you can really see what you're looking for.

Otherwise, you're 100% correct.
Posted by: wfaulk

Re: tcpdump - 26/07/2002 00:53

Looks like everything's working fine. What sort of parsing errors were you getting?
Posted by: Roger

Re: tcpdump - 26/07/2002 01:33

Segfaults mostly. I'll try it again with a fresh build of tcpdump, and see what happens. Probably not any time soon -- I can't see myself needing it for a while.
Posted by: mlord

Re: tcpdump - 26/07/2002 06:52

People have already implemented text-file scrollers, and one could either adapt that code for stdin, or just add another 10-15 lines to do it from scratch.

Cheers
Posted by: andy

Re: tcpdump - 26/07/2002 17:22

Someone will be asking Toby for visuals to interpret tcpdump traffic next...
Posted by: mcomb

Re: tcpdump - 26/07/2002 17:32

Hmmm, I always liked that X11 screensaver that displayed ping times with a radar screen sweep.
Posted by: smu

Re: tcpdump - 27/07/2002 11:31

Well, Matrix comes to mind ;-) Would seem just right, right?

cu,
sven
Posted by: frog51

Re: tcpdump - 29/07/2002 05:27

And we're back here again