capturing packets of tools such as bearshare,limewire,Ares
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
tcpdump is still the right tool to capture traffic whether you understand it or not you can also capture the data in wireshark, which is realistically probably what you actually want to hear.
in terms of what you're looking out for... well you're the one trying to capture traffic, you tell us what you want to look out for... why are you doing it?
well in wireshark just filter with an expression like "ip.addr == a.b.c.d" to filter after capture. or use an input filter on wireshark or tcpdump of somethign like "host a.b.c.d". still short on details of what you want to get out of this though. i doubt you'll be able to make much sense of the raw ip data...
Thanks for for reply acid_kewpie. let me give you a full load-down of exactly what i want to acheive. You see, recently my network has really been granded by users who are constantly using p2p clients such as Bearshare, Imesh, Ares, etc.
How ever i have been doing a lot of research on this 2p2 clients and i found this site http://www.lowth.com/rope/BlockingGnutella that describes how i could patch my kernel and iptables with a module called rope and then successfully block 2p2 clients. pls take a look at this, http://www.lowth.com/rope/BlockingBittorrent. from this you will note that the packet of bittorrent was identified.
Secondly,same go for p2p clients that use Gnutella protocol. they are identified by this strings GNUTELLA CONNECT/digit(s).digit(s)\r\n
The main problem now is i want to write a rope script to block Ares and i need to capture its packets just the same way bittorrent packets was captured and used to block it.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
you can also capture the data in wireshark, which is realistically probably what you actually want to hear. 
