tcpdump help

Ron Peterson ron.peterson at yellowbank.com
Wed Feb 27 14:51:19 EST 2002


First, let me say what I'd like to do.  I'd like to count the number of bytes
in the data payload of IP packets by port number.  Not port name, just
number.  So I thought I'd enlist the help of tcpdump.

Basically, I'm just trying to create a simple toolchain to monitor bandwidth
consumption by port number.

The following little command line applet, or crapplet, pretty much does what I
want:

/usr/sbin/tcpdump -b ip -c 64 -n -nn | perl -p -e \
's/.*\.(\d+)\s>.*\.(\d+):.*\((\d+)\).*/$1 $2 $3/'

This could work fine if the machine I ran it on sat between my gateway and my
internal network.  I'd like to get this same output by monitoring traffic on
an ethernet segment shared with the gateway.  But I can't figure out how to
bend tcpdump to my will.

For testing, I have two machines on a hub.  I want to use tcpdump on one
machine to monitor everything happening on the other.  Is this possible?

-- 
Ron Peterson                   -o)
87 Taylor Street               /\\
Granby, MA  01033             _\_v
https://www.yellowbank.com    ---- 
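
An added example, not part of the original post: the aggregation step the one-liner above stops short of, summing TCP payload bytes per port number. It assumes the classic tcpdump 3.x numeric line layout, attributes each packet to the lower of its two ports (a heuristic for the service port), and uses constructed sample lines.

```python
import re
from collections import Counter

# Assumed layout (classic tcpdump 3.x, run with -n):
#   <time> <src>.<sport> > <dst>.<dport>: <flags> <first>:<last>(<nbytes>) ...
TCP_LINE = re.compile(r"\S+\.(\d+) > \S+\.(\d+): .*?\d+:\d+\((\d+)\)")

# Constructed sample capture, not real traffic.
SAMPLE = """\
14:51:19.100000 192.168.1.10.1025 > 192.168.1.1.80: P 1:513(512) ack 1 win 32120 (DF)
14:51:19.100200 192.168.1.1.80 > 192.168.1.10.1025: . 1:1449(1448) ack 513 win 32120 (DF)
14:51:19.100300 192.168.1.10.1025 > 192.168.1.1.80: . ack 1449 win 31856 (DF)
14:51:19.200000 192.168.1.10.1026 > 192.168.1.1.25: P 1:101(100) ack 1 win 32120 (DF)
14:51:19.300000 192.168.1.10.1027 > 192.168.1.1.22: S 4000:4000(0) win 32120 <mss 1460> (DF)
"""


def bytes_by_port(lines):
    """Return (Counter of payload bytes per port, number of lines skipped)."""
    totals, skipped = Counter(), 0
    for line in lines:
        m = TCP_LINE.search(line)
        if m is None:
            skipped += 1  # bare ACKs, non-TCP traffic, unparsable lines
            continue
        sport, dport, nbytes = map(int, m.groups())
        # Heuristic (assumption): the lower port number is the service port.
        totals[min(sport, dport)] += nbytes
    return totals, skipped


def report(totals):
    """Format totals as 'port bytes' rows, busiest port first."""
    rows = sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))
    return [f"{port:>5} {nbytes:>10}" for port, nbytes in rows]


if __name__ == "__main__":
    totals, skipped = bytes_by_port(SAMPLE.splitlines())
    print("\n".join(report(totals)))
    print(f"skipped {skipped} line(s) without a TCP payload length")
```

Lines that carry no `first:last(nbytes)` field are counted as skipped rather than silently dropped, so a capture dominated by UDP or by a different tcpdump output format shows up as a high skip count instead of a misleadingly low total.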
