TCP dump in AIX environment
2014.12.05 08:54
Original : http://www.ischo.net -- Cho In-sang // System Engineer
Writer : http://www.ischo.net -- ischo // System Engineer in Republic of Korea
<CASE>
Server : 192.168.0.1
Client : 192.168.0.2
The client tries to dump the incoming packets when it telnets to the server.
Command
iptrace / ipreport
iptrace Daemon
Purpose
Provides interface-level packet tracing for Internet protocols.
Syntax
/usr/sbin/iptrace [ -a ] [ -b ] [ -e ] [ -u ] [ -PProtocol_list ] [ -iInterface ] [ -pPort_list ] [ -sHost [ -b ] ] [ -dHost ] [ -L Log_size ] [ -B ] [ -T ] [ -S snap_length ] LogFile
ipreport Command
Purpose
Generates a packet trace report from the specified packet trace file.
Syntax
/usr/sbin/ipreport [ -e ] [ -r ] [ -n ] [ -s ] LogFile
/usr/sbin/ipreport [ -C ] [ -e ] [ -n ] [ -r ] [ -s ] [ -S ] [ -v ] [-x ] [ -1 ] [ -N ] [ -T ] [ -c count ] [ -j pktnum ] [ -X bytes ] tracefile
Description
The /usr/sbin/ipreport command generates a trace report from the specified trace file created by the iptrace command. The LogFile parameter specifies the name of the file containing the results of the Internet Protocol trace. This file is created by the iptrace command.
Save the packets whose source host is 192.168.0.2, seen on interface en0, TCP port 23, to the file tcpdump.bin.
# iptrace -b -s 192.168.0.2 -i en0 -p 23 tcpdump.bin
[20906126]
The command above runs in the background as a daemon.
# ps -ef | grep iptrace
root 8978508 20971746 0 23:35:47 pts/1 0:00 grep iptrace
root 20906126 1 0 23:35:23 - 0:00 iptrace -b -s 192.168.0.2 -i en0 -p 23 tcpdump.log
To stop the dump, send SIGKILL to the daemon:
# kill -9 20906126
Convert the tcpdump.bin file to ASCII (the default output is binary):
# ipreport tcpdump.bin > tcpdump.txt
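The steps above (start the daemon, find its PID, stop it, convert the log) wrapped in a small Bourne shell script, added here as an example and not code from the original post. It assumes an AIX box with /usr/sbin/iptrace and /usr/sbin/ipreport; the host, interface, port and file names are the post's values used as placeholders, and the ps output embedded at the bottom is a constructed sample modelled on the post so the PID extraction can be exercised off-box.

```shell
#!/bin/sh
# Added example (not from the original post): the iptrace/ipreport
# procedure as functions. Assumes AIX; values below are placeholders.

# build_iptrace_cmd SRC_HOST IFACE PORT LOGFILE
# Print the trace command line. -s filters on the source host, -i on the
# interface, -p on the port; -b makes the -s filter bidirectional so both
# directions of the telnet session are written to LOGFILE.
build_iptrace_cmd() {
    printf '/usr/sbin/iptrace -b -s %s -i %s -p %s %s\n' "$1" "$2" "$3" "$4"
}

# find_iptrace_pid LOGFILE   (reads "ps -ef" output on stdin)
# Print the PID (field 2) of the iptrace daemon whose last argument is
# LOGFILE, skipping the "grep iptrace" line that "ps -ef | grep" also lists.
# The command name is matched by pattern rather than by field index because
# STIME can contain a space for daemons started on an earlier day.
find_iptrace_pid() {
    awk -v logf="$1" '
        /(^|[ \t])iptrace[ \t]/ && !/grep/ && $NF == logf { print $2; exit }
    '
}

# stop_iptrace PID
# The post stops the background daemon with SIGKILL.
stop_iptrace() {
    kill -9 "$1"
}

# convert_trace LOGFILE TXTFILE
# ipreport turns the binary iptrace log into a readable text report.
convert_trace() {
    /usr/sbin/ipreport "$1" > "$2"
}

# capture_telnet_trace SRC_HOST IFACE PORT SECONDS LOGFILE
# Start the daemon, let it run for SECONDS, stop it, then convert the log.
# iptrace detaches and prints its PID (the "[20906126]" line in the post);
# the PID is re-read from ps so the function does not depend on that output.
capture_telnet_trace() {
    cmd=$(build_iptrace_cmd "$1" "$2" "$3" "$5")
    $cmd
    sleep "$4"
    pid=$(ps -ef | find_iptrace_pid "$5")
    if [ -z "$pid" ]; then
        echo "iptrace daemon writing $5 not found" >&2
        return 1
    fi
    stop_iptrace "$pid"
    convert_trace "$5" "${5%.bin}.txt"
}

# Constructed sample of "ps -ef | grep iptrace" output, modelled on the post.
SAMPLE_PS='root 8978508 20971746 0 23:35:47 pts/1 0:00 grep iptrace
root 20906126 1 0 23:35:23 - 0:00 iptrace -b -s 192.168.0.2 -i en0 -p 23 tcpdump.bin'

if [ -x /usr/sbin/iptrace ]; then
    # On AIX: trace telnet traffic from 192.168.0.2 on en0 for 60 seconds.
    capture_telnet_trace 192.168.0.2 en0 23 60 tcpdump.bin
else
    # Off-box: only demonstrate PID extraction on the constructed sample.
    printf '%s\n' "$SAMPLE_PS" | find_iptrace_pid tcpdump.bin
fi
```

Run it as root on the AIX host where the trace should be taken; on any other system it just prints the PID parsed from the sample ps lines. Keying the PID lookup on the log file name lets several iptrace daemons coexist without stopping the wrong one.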
Thank you. I enjoyed reading it.