tcpdump help
Ron Peterson
ron.peterson at yellowbank.com
Wed Feb 27 17:11:05 EST 2002
On Wed, Feb 27, 2002 at 02:51:19PM -0500, Ron Peterson wrote:
> First, let me say what I'd like to do. I'd like to count the number of bytes
> in the data payload of IP packets by port number. Not port name, just
> number. So I thought I'd enlist the help of tcpdump.
I think I'm pretty close. Something like this should do the trick.
tcpdump -i eth1 -p -c 128 host gatewayhostname -t -n -nn | ./portstat.pl
Where portstat.pl looks like:
#!/usr/bin/perl
use strict;
use warnings;

# Read tcpdump lines from stdin and print "srcport dstport bytes" for each
# line that carries a TCP segment with a seq range such as 1:101(100).
ALOOP: while (<>) {
    next ALOOP unless
        m/.*\d+\.\d+\.\d+\.\d+\.(\d+).*\d+\.\d+\.\d+\.\d+\.(\d+).*\d+:\d+\((\d+)\)/;
    my $p1    = $1;   # source port
    my $p2    = $2;   # destination port
    my $bytes = $3;   # payload bytes in this segment
    # Might still be interested in port numbers used...
    # next ALOOP if ( $bytes == 0 );
    print "$p1\t$p2\t$bytes\n";
}
This is GNU/Linux tcpdump. Run on a hub shared with your gateway. Set up cron
to capture x number of packets every y minutes, and dump to a series of files
which get periodically processed into summary stats.
--
Ron Peterson -o)
87 Taylor Street /\\
Granby, MA 01033 _\_v
https://www.yellowbank.com ----
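The post prints one "srcport dstport bytes" row per segment and leaves the per-port summary to a later step. The script below is an added example (not part of the original post or Ron's portstat.pl) that does that summary step: it parses the same kind of tcpdump lines, keeps the pure-ACK and non-TCP lines out of the totals just as the Perl regex does, and aggregates bytes per port pair and per "service port". It goes a little beyond the post in that it also understands the newer tcpdump output style that reports "length N" instead of "1:101(100)". The sample lines are constructed, not captured from a real network, and the rule that the lower-numbered port of a pair is the service port is a heuristic assumption of this example.

```python
import re
import sys
from collections import defaultdict

# Constructed sample lines (not captured traffic), in both tcpdump output styles:
# the classic "seq:seq(bytes)" form the post's regex targets, and the newer
# "length N" form. The second and last lines must not contribute any bytes.
SAMPLE_LINES = """\
10.0.0.5.1034 > 10.0.0.1.80: P 1:101(100) ack 1 win 5840 (DF)
10.0.0.1.80 > 10.0.0.5.1034: . ack 101 win 6432 (DF)
10.0.0.1.80 > 10.0.0.5.1034: P 1:1461(1460) ack 101 win 6432 (DF)
IP 10.0.0.7.2201 > 10.0.0.1.22: Flags [P.], seq 1:49, ack 1, win 512, length 48
IP 10.0.0.1.22 > 10.0.0.7.2201: Flags [.], ack 49, win 512, length 0
arp who-has 10.0.0.1 tell 10.0.0.5
"""

# "a.b.c.d.port > a.b.c.d.port:" as printed by tcpdump -n -nn (numeric hosts and ports).
ENDPOINTS = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\.(\d+) > (\d{1,3}(?:\.\d{1,3}){3})\.(\d+):"
)
# Payload size: classic "1:101(100)" puts it in parentheses; newer output says "length 100".
PAYLOAD = re.compile(r"\d+:\d+\((\d+)\)|length (\d+)")


def parse_line(line):
    """Return (src_port, dst_port, payload_bytes), or None when the line carries
    no TCP endpoints or no byte count (pure ACKs in classic output, ARP, etc.)."""
    ep = ENDPOINTS.search(line)
    if not ep:
        return None
    pl = PAYLOAD.search(line, ep.end())
    if not pl:
        return None
    nbytes = int(pl.group(1) or pl.group(2))
    return int(ep.group(2)), int(ep.group(4)), nbytes


def summarize_pairs(lines):
    """Total payload bytes per (src_port, dst_port) pair, i.e. the post's table rolled up."""
    totals = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src_port, dst_port, nbytes = parsed
        totals[(src_port, dst_port)] += nbytes
    return dict(totals)


def summarize_by_service_port(lines):
    """Total payload bytes per service, both directions combined.
    Assumption of this example: the lower-numbered port of a pair is the service port."""
    totals = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src_port, dst_port, nbytes = parsed
        totals[min(src_port, dst_port)] += nbytes
    return dict(totals)


if __name__ == "__main__":
    # Usage: tcpdump -i eth1 -p -t -n -nn ... | python3 portsum.py
    # With no piped input, summarize the constructed sample instead.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LINES.splitlines()
    for port, total in sorted(summarize_by_service_port(source).items()):
        print(f"{port}\t{total}")
```

Because classic tcpdump output prints no byte count on pure-ACK segments, those lines are skipped rather than counted as zero; the newer "length 0" lines are counted as zero, which is why the (22, 2201) pair appears with a total of 0 while the ACK on port 80 does not appear at all.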