[plug] broadband monitoring?

William Kenworthy billk at iinet.net.au
Wed Jun 27 09:03:07 WST 2007


* Warning: safe for CLI warriors (see below :)

Hi Rob - how about using tcpdump and offline processing?  Wireshark can
also do it using tshark.  Wireshark can also read the files back in for
detailed offline analysis.

E.g. 
tcpdump -i eth0 -s 0 -w a.dump

and

tcpdump -A -r a.dump | grep "whatever takes your fancy"

A simple script can provide rotated dump files for long term traps.
Using grep you can duplicate a lot of Wireshark's processing a lot faster
(processing time) when you have multi-gigabyte dumps.  Also, you can
dump everything, then post-process using tcpdump with different options
to filter down (i.e., per port or IP address or whatever).  System load is
moderate compared to Wireshark with GUI.  tshark has some useful output
options that may be useful over tcpdump, but the venerable tcpdump is
usually what I use first, then post-process the dump files using tshark.

BillK


On Tue, 2007-06-26 at 18:22 +1000, Rob Dunne wrote:
> Hi Gavin,
> 
> Gavin Chester wrote:
> 
> > 
> > Warning: CLI warriors avert your eyes, this is GUI talk ;-) gkrellm is
> > g

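The capture-then-post-process workflow BillK describes (rotated dump files for long term traps, then reading them back with a filter), as an added example that is not part of the original post. The interface name eth0, the dump directory /var/tmp/dumps, hourly rotation, the cap-YYYYmmdd-HHMMSS.pcap[.gz] naming scheme and the hosts/ports in the usage comments are all assumptions; the -G/-z rotation options need tcpdump 4.x, which is newer than the post.

```shell
#!/bin/sh
# Added example, not from the original post: rotated tcpdump captures plus
# offline filtering of the rotated files with a BPF expression.
# Assumptions: capture interface eth0, dump directory /var/tmp/dumps, hourly
# rotation, file names cap-YYYYmmdd-HHMMSS.pcap[.gz]. Needs tcpdump 4.x for
# the -G and -z options.

IFACE="${IFACE:-eth0}"
DUMPDIR="${DUMPDIR:-/var/tmp/dumps}"
ROTATE_SECS="${ROTATE_SECS:-3600}"

# Long-term "trap": tcpdump rotates its output file itself every ROTATE_SECS
# (-G), expands strftime escapes in the -w name, and runs the -z command on
# each closed file, so finished hours are gzipped while the capture continues.
# -s 0 keeps whole packets (the default on recent versions, explicit here).
start_capture() {
    mkdir -p "$DUMPDIR"
    tcpdump -n -i "$IFACE" -s 0 -G "$ROTATE_SECS" \
        -w "$DUMPDIR/cap-%Y%m%d-%H%M%S.pcap" -z gzip
}

# List the rotated files that can contain packets from [FROM, TO]
# (stamps as YYYYmmdd-HHMMSS). A file is named after the time it was opened,
# so the last file opened *before* FROM is included too: it may run into the
# window. Pure filename logic, no tcpdump needed.
select_dumps() {
    from=$(printf '%s' "$1" | tr -d '-')
    to=$(printf '%s' "$2" | tr -d '-')
    dir="${3:-$DUMPDIR}"
    prev=""
    for f in "$dir"/cap-*.pcap*; do        # glob expands in name (= time) order
        [ -e "$f" ] || continue
        stamp=$(printf '%s' "${f##*/}" | sed 's/^cap-\([0-9]*\)-\([0-9]*\)\.pcap.*$/\1\2/')
        if [ "$stamp" -gt "$to" ]; then
            break
        elif [ "$stamp" -ge "$from" ]; then
            [ -n "$prev" ] && printf '%s\n' "$prev"
            prev=""
            printf '%s\n' "$f"
        else
            prev="$f"                      # opened before the window; keep the latest
        fi
    done
    [ -n "$prev" ] && printf '%s\n' "$prev" # window fell entirely inside one older file
    return 0
}

# Post-process: read the selected files back with a BPF filter (plus any extra
# tcpdump options such as -A) instead of grepping decoded text, so you get
# exactly the packets you asked for. Gzipped files are streamed through zcat
# into "tcpdump -r -".
filter_window() {
    from="$1"; to="$2"; shift 2
    select_dumps "$from" "$to" | while IFS= read -r f; do
        case "$f" in
            *.gz) zcat "$f" | tcpdump -n -r - "$@" ;;
            *)    tcpdump -n -r "$f" "$@" ;;
        esac
    done
}

# Usage (hosts and ports are placeholders):
#   start_capture &
#   filter_window 20070626-100000 20070626-120000 'tcp port 25 and host 192.0.2.10'
#   filter_window 20070626-100000 20070626-120000 -A 'port 80' | grep -i 'user-agent'
```

The filter step runs the BPF expression inside tcpdump rather than grepping -A output, which is both faster on multi-gigabyte files and immune to a string that happens to appear in packet payload rather than in the header you care about; grep is still useful on top of it for payload searches.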