Re: [Wireshark-users] running wireshark just before and after downloading a payload
Hi, Well apparently you have some clue what's going on, that is what protocols can be used. I think you can make an educated guess from that. Otherwise a different tool may be better for you, like ntop maybe? Wireshark is really meant to drill down into the packets and squeeze the latest details out of them. You are going the other way, so maybe this is not the tool for you. Thanx, Jaap Albretch Mueller wrote: > On Jan 21, 2008 4:38 PM, Jaap Keuter <[EMAIL PROTECTED]> wrote: >> Hi, >> >> That one is easy. Just set the snaplength to the size you need. >> That is the "Limit each packet to xxx bytes" entry on the Capture >> options dialog. > ~ > but headers lengths differ for different protocols, if you set > snaplength to 0 how are you going to know them > ~ > I would like to still get the metadata about the connection > ~ > lbrtchx ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] running wireshark just before and after downloading a payload
On Jan 21, 2008 4:38 PM, Jaap Keuter <[EMAIL PROTECTED]> wrote: > Hi, > > That one is easy. Just set the snaplength to the size you need. > That is the "Limit each packet to xxx bytes" entry on the Capture > options dialog. ~ but headers lengths differ for different protocols, if you set snaplength to 0 how are you going to know them ~ I would like to still get the metadata about the connection ~ lbrtchx ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] running wireshark just before and after downloading a payload
Hi, That one is easy. Just set the snaplength to the size you need. That is the "Limit each packet to xxx bytes" entry on the Capture options dialog. Thanx Jaap Albretch Mueller wrote: > Hi, > ~ > I was wondering how could you run wireshark just before and after > downloading a payload, without snooping in anyone else's actual > payloads > ~ > The only needed metrics would be: > ~ > 1) timing down to the milliseconds (or nanoseconds?) > ~ > 2) the IP address of the initiating client's request > ~ > 3) the IP address of the server's response > ~ > 4) the used protocol > ~ > Then you, say, go "wget " and wireshark would > stop doing it and just do the data payload > ~ > and after finishing the download it would do the initial (1,2,3,4) > for some time > ~ > Thanks > lbrtchx > ___ > Wireshark-users mailing list > Wireshark-users@wireshark.org > http://www.wireshark.org/mailman/listinfo/wireshark-users > ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] running wireshark just before and after downloading a payload
actually (1,2,3,4) could continue while you do a download, I just don't want for wireshark to load all the data being downloaded ~ lbrtchx ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
[Wireshark-users] running wireshark just before and after downloading a payload
Hi, ~ I was wondering how could you run wireshark just before and after downloading a payload, without snooping in anyone else's actual payloads ~ The only needed metrics would be: ~ 1) timing down to the milliseconds (or nanoseconds?) ~ 2) the IP address of the initiating client's request ~ 3) the IP address of the server's response ~ 4) the used protocol ~ Then you, say, go "wget " and wireshark would stop doing it and just do the data payload ~ and after finishing the download it would do the initial (1,2,3,4) for some time ~ Thanks lbrtchx ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users