ipfw question
Michael Powell
nightrecon at hotmail.com
Sat Mar 28 19:40:44 UTC 2015
William A. Mahaffey III wrote:
[snip]
>>>
>>> "The M1 Garand is without doubt the finest implement of war
>>> ever devised by man."
>>> -- Gen. George S. Patton Jr.
And, oddly enough, after many, many years mine still works fine.
>> Wireshark is pretty but requires X11. It also does a better job of making
>> the output understandable.
>>
>> tcpdump should be included in the base system and is text so works
>> without a GUI. You used to be able to take a tcpdump output file and feed
>> it to Wireshark for viewing.
[snip]
>
> Very well, I have wireshark already installed (this is a desktop box),
> I'll poke around & see what I find. Thanks :-).
>
tcpdump can save output in a file which Wireshark can import and read. Both
have filtering capabilities, so you can use tcpdump to capture everything
and use Wireshark to winnow out of the spew what you find interesting. Or,
if you already know pretty much which traffic you want to see, it's often
easier and quicker (come time to view in Wireshark) to do some basic
filtering with tcpdump's myriad command line switches first. I do this on
interfaces of remote machines which are servers and have no X, copying the
file to the desktop with Wireshark. This can improve signal-to-noise ratio.
The same information is present, but Wireshark is just better
presentation-wise and can perform some analysis that tcpdump cannot.
-Mike
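
The capture-on-the-server, view-on-the-desktop workflow described in the message above, as an added example that is not part of the original post. The function names, the interface `em0`, the file path and the sample filter are assumptions; the script also excludes the SSH session you are logged in through, so the capture does not record its own management traffic.

```shell
#!/bin/sh
# Added example (not from the thread): pre-filtered tcpdump capture on a
# headless server, written to a pcap file for later viewing in Wireshark.

# Build a BPF filter from the caller's filter, excluding the SSH session
# this shell runs in. sshd sets SSH_CONNECTION to:
#   "client_ip client_port server_ip server_port"
build_filter() {
    want=$1
    if [ -z "${SSH_CONNECTION:-}" ]; then
        # Local console: nothing to exclude.
        printf '%s\n' "$want"
        return 0
    fi
    # Split SSH_CONNECTION into $1..$4 (function-local positional params).
    set -- $SSH_CONNECTION
    excl="not (host $1 and tcp port $2 and tcp port $4)"
    if [ -n "$want" ]; then
        printf '(%s) and %s\n' "$want" "$excl"
    else
        printf '%s\n' "$excl"
    fi
}

# capture <iface> <outfile> <filter> [packet-count]
capture() {
    iface=$1
    out=$2
    filter=$(build_filter "$3")
    # -n: no name lookups      -s 0: keep whole packets
    # -c: stop after N packets -w:   write raw packets to a pcap file
    tcpdump -n -i "$iface" -s 0 -c "${4:-10000}" -w "$out" "$filter"
}

# Runs only when invoked as (values here are assumed samples):
#   sh capture.sh run em0 /tmp/web.pcap 'tcp port 80'
# Afterwards, on the desktop:
#   scp server:/tmp/web.pcap . && wireshark -r web.pcap
if [ "${1:-}" = "run" ]; then
    shift
    capture "$@"
fi
```

tcpdump needs root (or access to the BPF device) to capture. The `-c` limit keeps a forgotten capture from filling the disk.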