Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

tcpdump help



First, let me say what I'd like to do.  I'd like to count the number of bytes
in the data payload of IP packets by port number.  Not port name, just
number.  So I thought I'd enlist the help of tcpdump.

Basically, I'm just trying to create a simple toolchain to monitor bandwidth
consumption by port number.

The following little command line applet, or crapplet, pretty much does what I
want:

/usr/sbin/tcpdump -b ip -c 64 -n -nn | perl -p -e
's/.*\.(\d+)\s>.*\.(\d\+):.*\((\d+)\).*/$1 $2 $3/'

This could work fine if the machine I ran it on sat between my gateway and my
internal network.  I'd like to get this same output by monitoring traffic on
an ethernet segment shared with the gateway.  But I can't figure out how to
bend tcpdump to my will.

For testing, I have two machines on a hub.  I want to use tcpdump on one
machine to monitor everything happening on the other.  Is this possible?

-- 
Ron Peterson                   -o)
87 Taylor Street               /\\
Granby, MA  01033             _\_v
https://www.yellowbank.com    ---- 




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org