Re: [Ethereal-users] I want to monitor the packets that are coming from dialup

[Guy Harris <guy@xxxxxxxxxx>]

> I am trying to monitor the packets that are comming from my RAS box. I
> want to check the number of requests(whatever it is) from each and every
> IP address. How can I achieve this..

"Nonitor" in what sense?

If you want to monitor that in real time, neither Ethereal nor Tethereal
will do that for you.  Ethereal can't help you at all; Tethereal could
possibly do so, if you

	run it with the "-l" flag, and without the "-V" flag;

	pipe its output to a script that

		extracts the source and destination addresses from the
		Tethereal output;

		somehow deduces from the summary line for the packet
		what type of packet it is (if by "requests" you mean
		packets of some particular type, rather than arbitrary
		IP packets);

		counts the packets as appropriate and displays the
		results.

There may, however, be programs out there, using libpcap as Ethereal
does, that will do this more directly (and more efficiently).  (In fact,
I would be somewhat surprised if there weren't.)

If you want to find out from a saved capture how many requests there
were from each IP address, you could also use Tethereal in the fashion
described above, although, in that case, you could leave the "-l" flag
out (the "-l" flag makes sure that, as soon as Tethereal writes out the
line for a packet, the script sees it, so that it can update its display
in real time; this is less efficient than buffering the output, so if
you don't need a real-time display, you probably don't want to use
"-l").