Henrik Nordstrom wrote:
> On tis, 2008-08-26 at 10:22 +0100, Pedro Mansito PĂ©rez wrote:
>> Hello Henrik,
>>
>> I have never used wireshark or tshark, so excuse my ignorance.
>
> You need to use the wireshark gui to access the TCP stream analysis
> function.
>
> You can run the gui on another host (including Windows) by first making
> a packet capture on the server using tshark, tcpdump or another packet
> capture tool and then load that in the gui..
- # tcpdump -n -i ethX -s 0 -w /path/to/packet-dump.pcap
(-s 0 specifies capture the entire frame, not just the first XX bytes)
- trigger the event
- stop the pcap
- copy the pcap file from the Squid box to a Windows (or any platform
with a GUI based Wireshark install)
- open the file in Wireshark
- right click on one of the frames of the conversation
- click on 'Follow TCP Stream'
Steve
Received on Tue Aug 26 2008 - 20:17:40 MDT
This archive was generated by hypermail 2.2.0 : Wed Aug 27 2008 - 12:00:04 MDT