Reading network traffic.
Christian Olsson
04-01-2002, 06:24 AM
How can I plug into the current data flow on the local interfaces? I would like to see everything: header, data, everything. I would prefer to get the "stream" into a Perl program, but C/C++ is good too. I was thinking about placing it on my gateway to check if my e-mail or personal information is sent outside. The packet sniffers aren't that good according to my experience; also, the ones I use require a GUI, and I haven't X Windows installed on the gateway.
Stuka
04-01-2002, 11:52 AM
Well, for C/C++, there are libraries available (USI++ is a C++ TCP/IP class library) that should make this possible.
Strike
04-01-2002, 03:42 PM
You can use a tool like tcpdump or ngrep or ethereal to do this.
Christian Olsson
04-01-2002, 04:37 PM
Originally posted by Strike:
"You can use a tool like tcpdump or ngrep or ethereal to do this."
Doesn't ethereal require a GUI while tcpdump just prints the headers?
marvin
04-01-2002, 07:13 PM
Originally posted by Christian Olsson:
"Doesn't ethereal require a GUI while tcpdump just prints the headers?"
tcpdump is pretty good IMHO. It can catch the entire packet if you want it to; just set the snaplen to 0.
Example:
tcpdump -s 0 -Xvv tcp port 993
will monitor all traffic sent to/from port 993 (secure IMAP) and print the packet data in both hex and ASCII as well as decoding the headers.
You can also dump the raw data to a file and process it later.
tcpdump -s 0 -w tcpdump.log tcp port 993
and to read the data you can use
tcpdump -r tcpdump.log -vvX |less
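
For the original question (checking on the gateway whether an e-mail address or other personal string leaves the network), here is an added example, not code from any poster in this thread: a C scanner for the classic libpcap savefile format that tcpdump -w normally writes, counting the packet records whose captured bytes contain a given string. The name pcap_count_hits and the sample bytes are constructed for illustration; it matches unencrypted payloads only, so TLS traffic such as port 993 will not produce hits.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read a 32-bit field; big is 1 when the file was written big-endian. */
static uint32_t rd32(const unsigned char *p, int big) {
    return big ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
               : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

/* Return how many packet records contain needle, or -1 if buf is not a
   classic pcap savefile or a record is truncated. */
int pcap_count_hits(const unsigned char *buf, size_t len, const char *needle) {
    size_t nlen = strlen(needle), off = 24;        /* 24-byte global header */
    int big, hits = 0;
    if (len < 24 || nlen == 0) return -1;
    if (rd32(buf, 0) == 0xa1b2c3d4u) big = 0;      /* magic, little-endian writer */
    else if (rd32(buf, 1) == 0xa1b2c3d4u) big = 1; /* magic, big-endian writer */
    else return -1;
    while (off < len) {
        /* 16-byte record header: ts_sec, ts_usec, incl_len, orig_len */
        if (len - off < 16) return -1;
        uint32_t incl = rd32(buf + off + 8, big);
        off += 16;
        if (incl > len - off) return -1;           /* do not trust the length field */
        for (size_t i = 0; i + nlen <= incl; i++)
            if (memcmp(buf + off + i, needle, nlen) == 0) { hits++; break; }
        off += incl;
    }
    return hits;
}

/* Constructed sample (not real traffic): global header plus two records. */
static const unsigned char SAMPLE[] = {
    0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, 1,0,0,0,
    0,0,0,0, 0,0,0,0, 16,0,0,0, 16,0,0,0,
    'T','o',':',' ','m','e','@','e','x','a','m','p','l','e','.','c',
    0,0,0,0, 0,0,0,0, 4,0,0,0, 4,0,0,0, 'p','i','n','g'
};

int main(void) {
    printf("records containing the string: %d\n",
           pcap_count_hits(SAMPLE, sizeof SAMPLE, "me@example"));
    return 0;
}
```

To use it on a real capture, read the file written with -s 0 -w into a buffer and pass that buffer and its length in place of SAMPLE.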