On Wed, Feb 27, 2002 at 02:51:19PM -0500, Ron Peterson wrote:
> First, let me say what I'd like to do. I'd like to count the number of bytes
> in the data payload of IP packets by port number. Not port name, just
> number. So I thought I'd enlist the help of tcpdump.
I think I'm pretty close. Something like this should do the trick.
tcpdump -i eth1 -p -c 128 host gatewayhostname -t -n -nn | ./portstat.pl
Where portstat.pl looks like:
#!/usr/bin/perl
use strict;
use warnings;

# Read tcpdump text output on stdin and print, for every TCP segment
# that carries a sequence range, "srcport<TAB>dstport<TAB>payload bytes".
ALOOP: while(<>) {
    # src IP.port ... dst IP.port ... firstseq:lastseq(bytes)
    # Lines without a seq range (pure ACKs, UDP, ICMP) do not match.
    next ALOOP unless
        m/.*\d+\.\d+\.\d+\.\d+\.(\d+).*\d+\.\d+\.\d+\.\d+\.(\d+).*\d+:\d+\((\d+)\)/;
    my $p1    = $1;
    my $p2    = $2;
    my $bytes = $3;
    # Might still be interested in port numbers used...
    # next ALOOP if ( $bytes == 0 );
    print "$p1\t$p2\t$bytes\n";
}
This is GNU/Linux tcpdump. Run on a hub shared with your gateway. Set up cron
to capture x number of packets every y minutes, and dump to a series of files
which get periodically processed into summary stats.
--
Ron Peterson -o)
87 Taylor Street /\\
Granby, MA 01033 _\_v
https://www.yellowbank.com ----
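An added example, not the poster's code: the same extraction done in Python, plus the per-port summary step the post leaves to cron. The sample tcpdump lines are constructed, in both the tcpdump 3.x-era form the post's regex expects (`1:101(100)`, `udp 48`) and the `length N` form newer tcpdump versions print; the "service" bucket (credit the bytes to the lower of the two port numbers) is my heuristic, not something the post states.

```python
#!/usr/bin/env python3
"""Per-port payload byte totals from `tcpdump -n -nn -t` text output.

Added example, not the original poster's code.  It does what portstat.pl
does (pull src port, dst port and payload bytes out of each line) and adds
the summary step the post leaves to cron: totals per port.
"""
import re
import sys
from collections import defaultdict

# Constructed sample lines (not a real capture).  Lines 1-3 and 7 use the
# tcpdump 3.x-era format the post's regex expects ("1:101(100)", "udp 48");
# lines 4-6 use the "length N" form newer tcpdump prints.  Non-verbose output
# is assumed: with -v, "length" also appears inside the IP header dump.
SAMPLE_LINES = """\
10.0.0.5.1234 > 192.168.1.1.80: P 1:101(100) ack 1 win 5840
192.168.1.1.80 > 10.0.0.5.1234: P 1:1461(1460) ack 101 win 5792
192.168.1.1.80 > 10.0.0.5.1234: . ack 101 win 5792
IP 10.0.0.5.1235 > 192.168.1.1.443: Flags [P.], seq 1:201, ack 1, win 5840, length 200
IP 10.0.0.5.1025 > 192.168.1.1.53: UDP, length 33
IP 192.168.1.1.53 > 10.0.0.5.1025: UDP, length 78
10.0.0.5.1026 > 192.168.1.1.123: udp 48
IP 10.0.0.5 > 192.168.1.1: ICMP echo request, id 1, seq 1, length 64
this line is not a packet summary and must be skipped
"""

# "A.B.C.D.PORT > A.B.C.D.PORT:" -- anchoring on " > " and the ":" avoids
# the backtracking of the post's unanchored ".*" and rejects lines without
# ports (ICMP, ARP) instead of mis-parsing them.
ENDPOINTS = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\.(\d+) > (\d{1,3}(?:\.\d{1,3}){3})\.(\d+):"
)
SEQ_BYTES = re.compile(r"\b\d+:\d+\((\d+)\)")      # old TCP: "1:101(100)"
UDP_BYTES = re.compile(r"\budp (\d+)\b")            # old UDP: "udp 48"
LENGTH_BYTES = re.compile(r"\blength (\d+)\s*$")    # newer: "... length 200"


def parse_line(line):
    """Return (src_port, dst_port, payload_bytes), or None for a line that is
    not a TCP/UDP packet summary.  A pure ACK has no seq range: 0 bytes."""
    m = ENDPOINTS.search(line)
    if not m:
        return None
    src_port, dst_port = int(m.group(2)), int(m.group(4))
    rest = line[m.end():]
    for pat in (SEQ_BYTES, UDP_BYTES, LENGTH_BYTES):
        b = pat.search(rest)
        if b:
            return src_port, dst_port, int(b.group(1))
    return src_port, dst_port, 0


def summarize(lines):
    """Totals keyed by port number.  Every packet's payload is credited to its
    source port under 'sent' and to its destination port under 'recv';
    'service' files it under the lower of the two port numbers, a heuristic
    (my assumption, not from the post) that usually picks the well-known
    service side of a connection."""
    sent, recv, service, packets = (defaultdict(int) for _ in range(4))
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        sp, dp, nbytes = rec
        sent[sp] += nbytes
        recv[dp] += nbytes
        service[min(sp, dp)] += nbytes
        packets[sp] += 1
        packets[dp] += 1
    return {"sent": dict(sent), "recv": dict(recv),
            "service": dict(service), "packets": dict(packets)}


if __name__ == "__main__":
    # `tcpdump -n -nn -t ... | portstat.py -` reads stdin; no argument uses the sample.
    source = sys.stdin if sys.argv[1:] == ["-"] else SAMPLE_LINES.splitlines()
    stats = summarize(source)
    print("port\tpackets\tsent\trecv\tservice")
    for port in sorted(stats["packets"], key=lambda p: -stats["service"].get(p, 0)):
        print(f"{port}\t{stats['packets'][port]}\t{stats['sent'].get(port, 0)}"
              f"\t{stats['recv'].get(port, 0)}\t{stats['service'].get(port, 0)}")
```

Two caveats worth keeping in mind with the pipeline above. The post's regex only matches TCP segments that carry a sequence range, so its output omits UDP datagrams and pure ACKs entirely; the version here counts UDP via the `udp N` / `length N` fields and records ACKs as 0-byte packets so the ports still show up. And `-p` in the tcpdump command turns promiscuous mode off, so on a shared hub the capture contains only traffic to and from the capturing host itself; drop `-p` if the point is to see the other hosts' traffic to the gateway.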