[Dshield] Traffic comparison - looking for tools

Stef stefmit at gmail.com
Thu Jun 2 02:12:29 GMT 2005


Try (t)ethereal or tcpdump from both ends - i.e. client and server
(make sure you have the time in sync at both ends!), or - if easier
for you - use (t)ethereal or tcpdump, and rpcap
(http://rpcap.sourceforge.net/mainpage.html). Believe it or not, if
you use Windows it may be even easier -
http://www.winpcap.org/docs/docs31beta4/html/group__remote.html
... combine the above with proper filters (host, port at least), to
filter out all the garbage, then re-assemble the two traces to see
what's going on.

Tracing from one single machine will give you a skewed view of the
network traffic, and it would only increase your frustration.

If you have two such traces, and are willing to share them, I could
take a peek at them and let you know what I find out.

Stef

On 6/1/05, Josh Tolley <josh at raintreeinc.com> wrote:
> Hi, all -
> 
> I'm trying to track down a problem with a client-server application
> where the app quits responding periodically. 
<snip>
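The two-ended capture the reply describes (filter both traces down to the host and port of interest, check the clocks agree, then line the traces up to see where packets went missing and where the silence is) can be reduced to a small script. The following is an added example, not code from the post or from the DShield list: it reads the tab-separated output of `tshark -T fields -e frame.time_epoch -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e tcp.seq -e tcp.len` from each end, and the two sample traces, the addresses 10.0.0.5 / 10.0.0.9 and port 7000 are constructed for illustration.

```python
"""Correlate a client-side and a server-side capture of one TCP session.

Added example, not from the mailing-list post. Input is the tab-separated
form that `tshark -T fields -e frame.time_epoch -e ip.src -e ip.dst
-e tcp.srcport -e tcp.dstport -e tcp.seq -e tcp.len` prints; the two
traces below are constructed by hand (addresses, ports and times are made up).
"""
from collections import namedtuple

Pkt = namedtuple("Pkt", "ts src dst sport dport seq length")

# Constructed client-side trace: one request/reply, a DNS packet that the
# host/port filter must drop, a request that never reaches the server, a retry.
CLIENT_TRACE = (
    "100.000000\t10.0.0.5\t10.0.0.9\t40001\t7000\t1000\t50\n"
    "100.020000\t10.0.0.9\t10.0.0.5\t7000\t40001\t5000\t200\n"
    "100.021000\t10.0.0.5\t10.0.0.53\t51000\t53\t0\t40\n"
    "101.000000\t10.0.0.5\t10.0.0.9\t40001\t7000\t1050\t50\n"
    "104.000000\t10.0.0.5\t10.0.0.9\t40001\t7000\t1100\t50\n"
    "104.018000\t10.0.0.9\t10.0.0.5\t7000\t40001\t5200\t200\n"
)
# Constructed server-side trace of the same session (clocks in sync).
SERVER_TRACE = (
    "100.008000\t10.0.0.5\t10.0.0.9\t40001\t7000\t1000\t50\n"
    "100.012000\t10.0.0.9\t10.0.0.5\t7000\t40001\t5000\t200\n"
    "104.009000\t10.0.0.5\t10.0.0.9\t40001\t7000\t1100\t50\n"
    "104.010000\t10.0.0.9\t10.0.0.5\t7000\t40001\t5200\t200\n"
)


def parse_trace(text):
    """Turn tshark field lines into Pkt records."""
    pkts = []
    for line in text.strip().splitlines():
        ts, src, dst, sport, dport, seq, length = line.split("\t")
        pkts.append(Pkt(float(ts), src, dst, int(sport), int(dport), int(seq), int(length)))
    return pkts


def filter_session(pkts, host_a, host_b, port):
    """The 'host, port at least' filter: keep only traffic between the two hosts on that port."""
    return [p for p in pkts
            if {p.src, p.dst} == {host_a, host_b} and port in (p.sport, p.dport)]


def key(p):
    """A packet is the same packet at both ends if endpoints and sequence number match."""
    return (p.src, p.dst, p.sport, p.dport, p.seq)


def correlate(client_pkts, server_pkts, client_ip):
    """Match sightings from both ends; report loss, one-way delay, clock sanity and the longest silence."""
    c, s = {}, {}
    for p in client_pkts:
        c.setdefault(key(p), p)          # first sighting wins; later ones are retransmits
    for p in server_pkts:
        s.setdefault(key(p), p)
    delays = {}
    for k in c.keys() & s.keys():
        # one-way delay measured in the direction the packet travelled
        if c[k].src == client_ip:
            delays[k] = round(s[k].ts - c[k].ts, 6)
        else:
            delays[k] = round(c[k].ts - s[k].ts, 6)
    # negative one-way delay is impossible, so it means the two clocks disagree
    clock_ok = all(d >= 0 for d in delays.values())
    lost_to_server = sorted(k for k in c.keys() - s.keys() if c[k].src == client_ip)
    lost_to_client = sorted(k for k in s.keys() - c.keys() if s[k].src != client_ip)
    # merged timeline of every sighting at either end, in time order
    timeline = sorted([(p.ts, "client", key(p)) for p in client_pkts]
                      + [(p.ts, "server", key(p)) for p in server_pkts])
    gaps = [(round(timeline[i + 1][0] - timeline[i][0], 6), timeline[i])
            for i in range(len(timeline) - 1)]
    worst_gap, before = max(gaps, key=lambda g: g[0]) if gaps else (0.0, None)
    return {
        "matched": len(delays),
        "max_delay_s": max(delays.values()) if delays else None,
        "clock_ok": clock_ok,
        "lost_to_server": lost_to_server,
        "lost_to_client": lost_to_client,
        "worst_gap_s": worst_gap,
        "worst_gap_after": before,
    }


def report(client_text, server_text, client_ip, server_ip, port):
    """Whole pipeline: parse both traces, apply the host/port filter, correlate."""
    cl = filter_session(parse_trace(client_text), client_ip, server_ip, port)
    sv = filter_session(parse_trace(server_text), client_ip, server_ip, port)
    return correlate(cl, sv, client_ip)


if __name__ == "__main__":
    for k, v in report(CLIENT_TRACE, SERVER_TRACE, "10.0.0.5", "10.0.0.9", 7000).items():
        print(f"{k}: {v}")
```

On the constructed traces the report shows one request seen at the client but never at the server, and the longest silence in the merged timeline starting right after that packet, which is the kind of view a single-ended trace cannot give. If `clock_ok` comes back false, fix the time synchronisation before reading anything else out of the delays.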
