Re: Logging http farms/packet sniffing

From: Glynn Clements (
Date: Fri Mar 03 2000 - 04:51:41 EST

G . Sumner Hayes wrote:

> tcpdump: Can tcpdump keep up with ~30Mbit/sec of traffic? Most of the
> traffic is outgoing, and it's just the incoming http requests that I'm
> interested in. How should I handle TCP stream reassembly if I go with
> tcpdump? Doing the reassembly as a post-processing step is fine if
> there's something out there that can handle it.

You might want "tcpflow"; this is similar to tcpdump, but snoops the
data portion of TCP streams (i.e. it discards the headers and
reassembles the payloads into a stream). It has tcpdump-style filter
expressions, and each half of a TCP connection is logged to a separate

Glynn Clements <>

- To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to

This archive was generated by hypermail 2b29 : Tue Mar 07 2000 - 21:00:27 EST