On Wed, Feb 27, 2002 at 02:51:19PM -0500, Ron Peterson wrote:
> First, let me say what I'd like to do.  I'd like to count the number of bytes
> in the data payload of IP packets by port number.  Not port name, just
> number.  So I thought I'd enlist the help of tcpdump.

I think I'm pretty close.  Something like this should do the trick.

tcpdump -i eth1 -p -c 128 host gatewayhostname -t -n -nn | ./portstat.pl

Where portstat.pl looks like:

#!/usr/bin/perl

ALOOP: while(<>) {
    # Capture both port numbers and the byte count in parentheses.
    next ALOOP unless m/.*\d+\.\d+\.\d+\.\d+\.(\d+).*\d+\.\d+\.\d+\.\d+\.(\d+).*\d+:\d+\((\d+)\)/;
    $p1 = $1;
    $p2 = $2;
    $bytes = $3;
    # Might still be interested in port numbers used...
    # next ALOOP if ( $bytes == 0 );
    print "$p1\t$p2\t$bytes\n";
}

This is GNU/Linux tcpdump.  Run on a hub shared with your gateway.  Set up
cron to capture x number of packets every y minutes, and dump to a series of
files which get periodically processed into summary stats.

-- 
Ron Peterson                                  -o)
87 Taylor Street                              /\\
Granby, MA 01033                             _\_v
https://www.yellowbank.com                   ----
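
The summary-stats step mentioned at the end of the message above, as an added example that is not part of the original post: it totals the port1<TAB>port2<TAB>bytes lines that portstat.pl prints, across several capture files. The sample records are constructed, and crediting each packet to the lower of its two port numbers is an assumption about which end is the service.

```python
"""Summarise portstat.pl output (port1<TAB>port2<TAB>bytes) into per-port totals."""
from collections import Counter

# Constructed sample: what two capture runs piped through portstat.pl might emit.
SAMPLE_RUNS = [
    "1042\t80\t512\n80\t1042\t1460\n1042\t80\t0\n",
    "33012\t22\t48\n22\t33012\t96\nnot a record\n53\t53\t40\n",
]

def parse_record(line):
    """Return (port1, port2, nbytes), or None if the line is not a valid record."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 3 or not all(f.isdecimal() for f in fields):
        return None
    p1, p2, nbytes = (int(f) for f in fields)
    if p1 > 65535 or p2 > 65535:  # not a possible TCP/UDP port number
        return None
    return p1, p2, nbytes

def summarise(runs, skip_empty=True):
    """Total payload bytes and packet counts per port across several capture runs.

    Assumption: the lower of the two port numbers is the service port, so a
    packet's bytes are credited to it whichever direction the packet travelled.
    """
    byte_totals, packet_totals, rejected = Counter(), Counter(), 0
    for run in runs:
        for line in run.splitlines():
            rec = parse_record(line)
            if rec is None:
                rejected += 1  # count unparseable lines instead of hiding them
                continue
            p1, p2, nbytes = rec
            if skip_empty and nbytes == 0:  # the filter the script leaves commented out
                continue
            port = min(p1, p2)
            byte_totals[port] += nbytes
            packet_totals[port] += 1
    return byte_totals, packet_totals, rejected

def report(byte_totals, packet_totals):
    """Format totals as port<TAB>packets<TAB>bytes lines, busiest port first."""
    rows = sorted(byte_totals.items(), key=lambda kv: (-kv[1], kv[0]))
    return [f"{port}\t{packet_totals[port]}\t{total}" for port, total in rows]

if __name__ == "__main__":
    totals, packets, bad = summarise(SAMPLE_RUNS)
    print("\n".join(report(totals, packets)))
    print(f"rejected lines: {bad}")
```

In a cron setup, each element passed to summarise() would be the contents of one capture file rather than an inline string.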