On 2008-11-20, John Jackson <[EMAIL PROTECTED]> wrote: > On Wed, Nov 19, 2008 at 08:18:00PM -0800, Jeff Simmons wrote: >> I need, at a minimum, which virtual server at a particular IP address is >> being >> accessed, and the contents of any GET commands (methods). If there's a way >> to >> get this via tcpdump I haven't found it yet.
urlsnarf from dsniff tcpdump -X -s1500 ngrep > ...tethereal... please, just rm that now... if it's still called "tethereal" it's super-old and has loads of known security problems. if you're even considering that risky software, you should at least be running the latest version (1.0.4), capture the files offline with tcpdump -w, and manually run tshark on the capture file as an unprivileged user. (this is NOT a recommendation to use wireshark, but if you're going to do it anyway, be as safe as you can about it).
