28 Mar 2008, 9:38 a.m.
On Thu, Mar 27, 2008 at 06:41:49PM +0100, L.M.J wrote:
> I will check it out, maybe by using tcpdump or so. Sounds like a mess since they are production servers with heavy network load. Anyway, gonna investigate deeper.
You can use a filter for tcpdump, and just pick out traffic to port 1984.
tcpdump -n -s 1500 -w hobbittraffic.dmp tcp port 1984
would be my way of logging it to a dump-file. Analysing it with Wireshark is usually much easier than using tcpdump for the analysis.
Regards, Henrik
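
As an added example (not part of the original message): a small Python reader for the classic pcap file that `tcpdump -w` writes, totalling the TCP payload bytes each source sent to port 1984, for a first look before opening the dump in Wireshark. It assumes a little-endian classic pcap with Ethernet link type and IPv4; `talkers`, `make_frame`, `make_pcap` and the sample addresses are constructed for the illustration.

```python
import struct
from collections import Counter

HOBBIT_PORT = 1984  # port used in the tcpdump filter in the message above

def talkers(pcap, port=HOBBIT_PORT):
    """Map source IP -> TCP payload bytes sent to `port` in a classic pcap."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("need little-endian classic pcap, Ethernet link type")
    totals, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 over Ethernet
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 20:
            continue  # not TCP, or TCP header cut off by the snaplen
        if struct.unpack_from("!H", ip, ihl + 2)[0] != port:
            continue
        # Use the IP total length, so a snaplen-truncated frame still counts in full.
        payload = struct.unpack_from("!H", ip, 2)[0] - ihl - (ip[ihl + 12] >> 4) * 4
        totals[".".join(map(str, ip[12:16]))] += max(payload, 0)
    return totals

def make_frame(src, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame (zero MACs and checksums)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes([10, 0, 0, 1]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def make_pcap(frames, snaplen=1500):
    """Constructed capture file, truncating each frame to `snaplen` bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, min(len(f), snaplen), len(f)) + f[:snaplen]
    return out

FRAMES = [make_frame("10.0.0.5", 1984, b"x" * 100), make_frame("10.0.0.5", 1984, b"x" * 50),
          make_frame("10.0.0.9", 1984, b"x" * 30), make_frame("10.0.0.9", 80, b"x" * 500)]

if __name__ == "__main__":
    for src, nbytes in talkers(make_pcap(FRAMES)).most_common():
        print(src, nbytes)
```

To run it against a real capture, pass the file's bytes, for example `talkers(open("hobbittraffic.dmp", "rb").read())`.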