Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

tcpdump help



On Wed, Feb 27, 2002 at 02:51:19PM -0500, Ron Peterson wrote:

> First, let me say what I'd like to do.  I'd like to count the number of bytes
> in the data payload of IP packets by port number.  Not port name, just
> number.  So I thought I'd enlist the help of tcpdump.

I think I'm pretty close.  Something like this should do the trick.

tcpdump -i eth1 -p -c 128 host gatewayhostname -t -n -nn | ./portstat.pl
 
Where portstat.pl looks like:
 
#!/usr/bin/perl
 
ALOOP: while(<>) {
    next ALOOP unless
    m/.*\d+\.\d+\.\d+\.\d+\.(\d+).*\d+\.\d+\.\d+\.\d+\.(\d+).*\d+:\d+\((\d+)\)/;
    $p1 = $1;
    $p2 = $2;
    $bytes = $3;

; Might still be interested in port numbers used...
;    next ALOOP if ( $bytes == 0 );

    print "$p1\t$p2\t$bytes\n";
}
 
This is GNU/Linux tcpdump.  Run on a hub shared with your gateway.  Setup cron
to capture x number of packets every y minutes, and dump to a series of files
which get periodically processed into summary stats.

-- 
Ron Peterson                   -o)
87 Taylor Street               /\\
Granby, MA  01033             _\_v
https://www.yellowbank.com    ---- 




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org