Re: Logging http farms/packet sniffing

From: Glynn Clements (glynn@sensei.co.uk)
Date: Fri Mar 03 2000 - 04:51:41 EST


G. Sumner Hayes wrote:

> tcpdump: Can tcpdump keep up with ~30Mbit/sec of traffic? Most of the
> traffic is outgoing, and it's just the incoming http requests that I'm
> interested in. How should I handle TCP stream reassembly if I go with
> tcpdump? Doing the reassembly as a post-processing step is fine if
> there's something out there that can handle it.

You might want "tcpflow"; this is similar to tcpdump, but snoops the
data portion of TCP streams (i.e. it discards the headers and
reassembles the payloads into a stream). It has tcpdump-style filter
expressions, and each half of a TCP connection is logged to a separate
file.

-- 
Glynn Clements <glynn@sensei.co.uk>
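
The post-processing step discussed above, as an added example that is not part of the original message or of tcpflow itself: it picks the client-to-server half of each connection by file name and lists the HTTP requests in it. It assumes tcpflow's default file naming (zero-padded `src_ip.src_port-dst_ip.dst_port`); the function names and the sample flows are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# tcpflow writes one file per direction, named src_ip.src_port-dst_ip.dst_port
# with octets zero-padded to 3 digits and ports to 5.
FLOW_NAME = re.compile(r"^((?:\d{3}\.){4})(\d{5})-((?:\d{3}\.){4})(\d{5})$")
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/\d\.\d\r?$")
# Constructed sample: both halves of one persistent connection to port 80.
SAMPLE = {
    "192.168.001.010.51234-010.000.000.005.00080":
        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
        b"GET /logo.gif HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "010.000.000.005.00080-192.168.001.010.51234": b"HTTP/1.1 200 OK\r\n\r\n",
}


def parse_flow_name(name):
    m = FLOW_NAME.match(name)
    if not m:
        return None  # not a tcpflow flow file
    unpad = lambda ip: ".".join(str(int(o)) for o in ip.rstrip(".").split("."))
    return unpad(m.group(1)), int(m.group(2)), unpad(m.group(3)), int(m.group(4))


def incoming_requests(flow_dir, server_port=80):
    """List requests found in the client-to-server half of each connection."""
    found = []
    for path in sorted(Path(flow_dir).iterdir()):
        flow = parse_flow_name(path.name)
        if flow is None or flow[3] != server_port:
            continue  # server-to-client half, or not a flow file
        current = None
        for line in path.read_bytes().split(b"\n"):
            m = REQUEST_LINE.match(line)
            if m:  # a persistent connection can carry several requests
                current = {"client": flow[0], "method": m.group(1).decode(),
                           "target": m.group(2).decode("latin-1"), "host": None}
                found.append(current)
            elif current and not current["host"] and line[:5].lower() == b"host:":
                current["host"] = line[5:].strip().decode("latin-1")
    return found


def demo():
    with tempfile.TemporaryDirectory() as d:
        for name, payload in SAMPLE.items():
            Path(d, name).write_bytes(payload)
        return incoming_requests(d)
```

The scan is line-based and does not track `Content-Length`, so a request body containing a line shaped like a request line would be counted as a request.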
