Re: Network traffic human readable?!

2012-01-21 Thread Beni Brinckman
2012/1/21 Tobias Pulm t...@facility5.org

> Hi,
>
> how can I display my network traffic (netstat output) human readable?
> Is there a function of the netstat that can do this?
>
> Thanks...

Is this what you need: netstat -i
And then filter out the interfaces you need (netstat -i | grep device)
-- 
Beni Brinckman.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Network traffic human readable?!

2012-01-21 Thread Jason C. Wells

On 01/21/12 07:47, Tobias Pulm wrote:

> Hi,
>
> how can I display my network traffic (netstat output) human readable?
> Is there a function of the netstat that can do this?


Rather than netstat, perhaps you want 'tcpdump' or 'nc'.

Regards,
Jason C. Wells


Re: Network traffic monitoring: BSD monitor verifying encryption

2009-07-08 Thread Steve Bertrand
Daniel Underwood wrote:
> Hi folks:
>
> (1) I've only used Wireshark and Ethereal to inspect network traffic,
> and I've only used these on several occasions.  Would someone suggest
> FreeBSD alternatives (console or xserver based)?

tcpdump(1). It can save to a pcap file for later review within Wireshark
if required.

> (2) I'm testing my connection to a remote server.  The connection is
> supposed to be encrypted. What's the easiest way to verify that the
> data is in fact being encrypted?  I don't care to validate the
> encryption itself; I trust that it is working properly, if it's
> working at all.  I just want to know what, if anything, I can look for
> in the traffic that will indicate encryption (e.g., is the initiation
> of key-exchanges easy to locate?).

It depends on the traffic type, and the protocol.

When in doubt, you could always capture the entire packet, dump them
into a file, and then review the data to ensure it isn't in plaintext:

# tcpdump -n -i em5 -s 0 -w /var/log/cap.pcap host x.x.x.x and port 

Then you can read it back in with tcpdump later, or scp the file to a
GUI based workstation and view it in Wireshark (which is my preference).

Wireshark displaying SSH traffic will for instance tell you straight-up
in the Info field that the packet is "Encrypted response packet
len=xxx". It does the same for IPSec etc.

Steve




Re: Network traffic monitoring: BSD monitor verifying encryption

2009-07-08 Thread Matthew Seaman

Daniel Underwood wrote:

> Hi folks:
>
> (1) I've only used Wireshark and Ethereal to inspect network traffic,
> and I've only used these on several occasions.  Would someone suggest
> FreeBSD alternatives (console or xserver based)?


wireshark, formerly known as ethereal works just fine on FreeBSD.  If you
want a console based variant, there's tshark, which is just wireshark without
X11 support.  All in the ports: net/wireshark, net/tshark

As mentioned elsewhere, you can use tcpdump (bundled with the system) to
capture traffic that you can later feed into wireshark for analysis.  Handy
hint: be aware that tcpdump generally only captures the packet headers and
not the full packet content.  To capture everything add '-s 0' to the tcpdump
command line.


> (2) I'm testing my connection to a remote server.  The connection is
> supposed to be encrypted. What's the easiest way to verify that the
> data is in fact being encrypted?  I don't care to validate the
> encryption itself; I trust that it is working properly, if it's
> working at all.  I just want to know what, if anything, I can look for
> in the traffic that will indicate encryption (e.g., is the initiation
> of key-exchanges easy to locate?).


There are two possibilities:

(a) capture session traffic over the wire and from that demonstrate the
traffic is encrypted.  Unless the plaintext is obviously ascii or otherwise
readily identifiable, this might be a bit tricky.  Probably the only 100%
certain answer is to be able to decrypt the session traffic.

(b) connect to the remote network port using eg. netcat (see nc(1)),
telnet or 'openssl s_client' -- in the first two cases the idea would be
to check that the server would not permit an unencrypted session; for the
last case the idea is to check that the connection does handle presenting keys
and certs correctly.  Obviously this will depend on knowledge of how your 
particular communications protocol works.


Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
 Kent, CT11 9PW





Re: Network traffic monitoring: BSD monitor verifying encryption

2009-07-08 Thread Daniel Underwood
Thanks for the help.

I couldn't find any flags/fields in TCP packets indicating whether they are
encrypted (as in the case of SSH packets).  There isn't any, right?


Re: Network traffic monitoring: BSD monitor verifying encryption

2009-07-08 Thread Steve Bertrand
Daniel Underwood wrote:
> Thanks for the help.
>
> I couldn't find any flags/fields in TCP packets indicating whether they are
> encrypted (as in the case of SSH packets).  There isn't any, right?

No. TCP (Transport Layer) knows nothing about encryption/encoding, and
hence there is no room (or need) within the headers to signify those
details. TCP provides reliable data transit, and really nothing more.

Encryption happens higher up in the stack, and it is the responsibility
of the application (or some function) to do this work.

TCP provides the connection, in which you can throw any type of data you
please. It does not care what type of data you put into it; it has no
way of inherently finding that out.

To find out the flags/configuration/techniques used by the application
before it stuffs its data into a packet, you have to read the data
after it's been extracted from the packet all the way up near the
application layer.

Wireshark can 'dissect' each packet for numerous applications and
protocols, hence it has the ability to inform you about encryption as in
my previous SSH example.

That is why I captured the entire packet with tcpdump (via the -s0
flag). If you don't, tcpdump will not capture enough information to
decode the packet.

Steve




Re: Network traffic monitoring: BSD monitor verifying encryption

2009-07-08 Thread Matthew Seaman

Daniel Underwood wrote:

> Thanks for the help.
>
> I couldn't find any flags/fields in TCP packets indicating whether they are
> encrypted (as in the case of SSH packets).  There isn't any, right?


Correct: there isn't anything like that in the TCP headers.  Encryption
on TCP streams is an application level thing that only affects packet
payloads.

There are transport layer encryption protocols -- eg. IPSec, OpenVPN, etc.
-- but those allow tunnelling TCP streams through them and aren't necessarily
TCP themselves.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
 Kent, CT11 9PW
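
Added example (not part of the original thread, and not code from any of the posters): since TCP headers carry no encryption flag, the check has to look at the payload bytes, as the replies above describe. This Python code labels already-extracted TCP payloads as an SSH banner, a plausible TLS record, printable plaintext, or high-entropy data; the function names, thresholds and sample payloads are assumptions constructed for illustration.

```python
import math
from collections import Counter

TLS_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data
PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, approaching 8.0 for random-looking data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def printable_ratio(data: bytes) -> float:
    return sum(b in PRINTABLE for b in data) / len(data) if data else 0.0

def classify_payload(data: bytes) -> str:
    """Label one TCP payload (the bytes after the TCP header) by what it looks like."""
    if not data:
        return "empty"
    if data.startswith(b"SSH-"):          # SSH identification string, sent in the clear
        return "ssh-banner"
    if (len(data) >= 5 and data[0] in TLS_TYPES and data[1] == 3 and data[2] <= 4
            and int.from_bytes(data[3:5], "big") <= 16384 + 2048):
        return "tls-record"               # plausible TLS record header
    if printable_ratio(data) >= 0.95:
        return "plaintext"
    # Entropy is only meaningful on longer payloads; compressed data scores high too.
    if len(data) >= 256 and shannon_entropy(data) >= 7.0:
        return "high-entropy"
    return "unknown-binary"

def summarize(payloads) -> Counter:
    """Count labels across the payloads of one captured session."""
    return Counter(classify_payload(p) for p in payloads)

# Constructed sample payloads (not taken from a real capture).
CIPHER_LIKE = bytes((i * 167 + 13) % 256 for i in range(1024))  # stand-in for ciphertext
SAMPLES = [
    b"SSH-2.0-OpenSSH_5.2\r\n",
    b"\x17\x03\x03\x00\x20" + bytes(32),
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    CIPHER_LIKE,
    bytes(300),
]

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLES).items()):
        print(f"{label}: {count}")
```

High entropy is consistent with encryption but also with compression, so it supports the conclusion rather than proving it.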





Re: Network traffic Monitor

2006-04-04 Thread Jason C. Wells

Eric Schuele wrote:

> Rodrigo G. Tavares de Souza wrote:
>
>> Hi,
>>
>> I'm getting a problem with a DSL connection, and I need a way to
>> monitor the network traffic.
>>
>> I found a program called Netsaint, could I do it with this one?


It depends on what your monitoring focus is.  If you just want to do 
some quick troubleshooting, ping and traceroute are probably all you need.


If you are looking for intrusion monitoring snort is the leading tool 
for that. (last time I checked)


If you are looking for traffic graphing you might look at RRDTool/MRTG.

It depends on what your specific problem is.

Surf through ports/net and ports/sysutils for all kinds of good tools.

Later,
Jason C. Wells


Re: Network traffic Monitor

2006-04-03 Thread Eric Schuele

Rodrigo G. Tavares de Souza wrote:

> Hi,
>
> I'm getting a problem with a DSL connection, and I need a way to
> monitor the network traffic.
>
> I found a program called Netsaint, could I do it with this one?

Try Ethereal.
  http://www.ethereal.com/
It's in ports net/ethereal

HTH

> Best Regards,
> Rodrigo Souza
> Sao Paulo - Brazil






--
Regards,
Eric


Re: network traffic

2004-05-20 Thread B Hansson
[EMAIL PROTECTED] wrote:
> That works great but do you know of anything that works inside the network?
> does the same thing but inside the network

Yes, Tptest. Set up a tptest server on your network and use the client to
connect to your own tptest server.

/BH


Re: network traffic

2004-05-19 Thread B Hansson
Buck Jones wrote:
> Anyone know where I can get a network testing tool that can sit on a
> server and test the speed of a network connection.. I have a small
> network at work and I get computers that just disappear off the
> net..different computer at different times. but most of the time they
> are on the net and just are so slow. I have checked for viruses and adware
> and changed the switching hub out..I have even replaced every network
> cable in the place
>
> I would like two programs that sit on two computers and just talk to each
> other and tell what the speed they are talking and if there is a packet
> loss

Have a look at tp-test.
http://sourceforge.net/projects/tptest/


Re: network traffic

2004-05-19 Thread Chuck Swiger
Buck Jones wrote:
> I would like two programs that sit on two computers and just talk to each
> other and tell what the speed they are talking and if there is a packet
> loss

ping -f is a pretty good way of stress-testing a LAN.
You can also use "time ping -s 1000 -c 1000 -i 0.0001 host" or so to send
approx 1 MB via 1K packets, and divide.  Using ftp or fetch or something that
provides a speed rate is a little easier, if something running those services
is handy...

--
-Chuck


RE: network traffic

2004-05-19 Thread Buck
That works great but do you know of anything that works inside the network?
does the same thing but inside the network

-----Original Message-----
From: B Hansson [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 19, 2004 7:22 AM
To: freebsd questions
Cc: [EMAIL PROTECTED]
Subject: Re: network traffic


Buck Jones wrote:
> Anyone know where I can get a network testing tool that can sit on a
> server and test the speed of a network connection.. I have a small
> network at work and I get computers that just disappear off the
> net..different computer at different times. but most of the time they
> are on the net and just are so slow. I have checked for viruses and adware
> and changed the switching hub out..I have even replaced every network
> cable in the place
>
> I would like two programs that sit on two computers and just talk to each
> other and tell what the speed they are talking and if there is a packet
> loss


Have a look at tp-test.

http://sourceforge.net/projects/tptest/





Re: network traffic

2004-05-19 Thread Oscar Ricardo Silva
At 02:41 PM 5/18/2004, you wrote:
> Anyone know where I can get a network testing tool that can sit on a
> server and test the speed of a network connection.. I have a small
> network at work and I get computers that just disappear off the
> net..different computer at different times. but most of the time they
> are on the net and just are so slow. I have checked for viruses and adware
> and changed the switching hub out..I have even replaced every network
> cable in the place
>
> I would like two programs that sit on two computers and just talk to each
> other and tell what the speed they are talking and if there is a packet
> loss

iperf or netperf?

Oscar