Greetings
> >
> >how can I capture the data which goes over a net connection and meets a
> >simple criteria of (remote-ip:port)?
> >
> >Yes I know of tcpdump and ethereal, but I don't find either easy to
> >use, and more to the point, both produce copious amounts of tcp data
> >(SYN bits, mac addresses, tcp-ack packets, etc bla bla) which I don't want
> >to know of.
> >
> You can cut down on the amount of data displayed or recorded by ethereal by
> using a filter see:-
>
> http://www.ethereal.com/docs/user-guide/chap03.html
Alternatively, capture everything, click on one of the early TCP data
packets, look under tools for a TCP stream analysis option. That gives
you a dump of the conversation, colour-coded by direction.
Alternatively, look for TCP hijack hacking tools - I seem to recall one of
those could do this sort of thing. (I wrote something that could do this,
if you're really keen, but it involves kernel modules and TCP hijacking...)
Theuns
KRN
-------------------------------------------------------------
Theuns Verwoerd, Software Engineer, Allied Telesyn Research
27 Nazareth Avenue, PO Box 8011, Christchurch, New Zealand
phone +64 3 339 3000   fax +64 3 339 3002
email: [EMAIL PROTECTED]   web: http://www.alliedtelesyn.co.nz/
-------------------------------------------------------------
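As an added example (not from anyone in this thread), here is a minimal stand-alone "follow TCP stream" in Python: it reads a classic libpcap capture, keeps only TCP segments to or from one remote ip:port, drops the bare SYN/ACK/FIN segments the question complained about, and returns the payload per direction. The capture is constructed inline (hosts 10.0.0.5, 192.0.2.10 and 198.51.100.7 are made-up); segments are concatenated in capture order, with no sequence-number reordering or retransmission handling.

```python
import struct
from collections import defaultdict

def follow_stream(pcap, remote_ip, remote_port):
    """Return {direction: payload bytes} for the TCP conversation with
    remote_ip:remote_port; data-less segments (SYN, ACK, FIN) are skipped."""
    end = "<" if struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4 else ">"
    streams, off = defaultdict(bytes), 24           # skip 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00":             # ethertype: not IPv4
            continue
        ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]
        if ip[9] != 6:                              # protocol: not TCP
            continue
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        tcp = ip[(ip[0] & 0x0F) * 4:]               # IHL -> start of TCP header
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]          # data offset -> payload
        if payload and (dst, dport) == (remote_ip, remote_port):
            streams["client->server"] += payload
        elif payload and (src, sport) == (remote_ip, remote_port):
            streams["server->client"] += payload
    return dict(streams)

def _frame(src, dst, sport, dport, flags, payload=b""):
    """Constructed Ethernet+IPv4+TCP frame for the sample (checksums left 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def _pcap(frames):
    """Constructed little-endian libpcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

SAMPLE = _pcap([                                    # constructed sample capture
    _frame("10.0.0.5", "192.0.2.10", 40000, 80, 0x02),                 # SYN
    _frame("192.0.2.10", "10.0.0.5", 80, 40000, 0x12),                 # SYN-ACK
    _frame("10.0.0.5", "192.0.2.10", 40000, 80, 0x10),                 # ACK
    _frame("10.0.0.5", "192.0.2.10", 40000, 80, 0x18, b"GET / HTTP/1.0\r\n\r\n"),
    _frame("192.0.2.10", "10.0.0.5", 80, 40000, 0x18, b"HTTP/1.0 200 OK\r\n"),
    _frame("10.0.0.5", "198.51.100.7", 40001, 22, 0x18, b"SSH-2.0\r\n"),  # other peer
    _frame("192.0.2.10", "10.0.0.5", 80, 40000, 0x11),                 # FIN
])
```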