[c-nsp] packet monitoring?
Will Hargrave
will at harg.net
Mon Mar 6 05:49:48 EST 2006
barney gumbo wrote:
> To the best of my knowledge,
> ethereal and sniffer can do this to a certain extent however I'm not
> interested in using system resources to capture the whole packet payload, I
> just want to be able to summarize layers 3 through 4 and if the app can break
> this down into complete sockets or estimate the UDP flows that would be
> great too.
You can use tethereal's data processing to summarise the data. -z is the
statistics option. -z io,phs -z conv,ip -z conv,tcp are my favourites. There
are a wealth of useful options in there.
e.g.
[root at foo ~]# tethereal -i eth2 -z conv,tcp -q -a duration:1
Capturing on eth2
4147 packets captured
================================================================================
TCP Conversations
Filter:<No Filter>
                                          |       <-      | |       ->      | |     Total     |
                                          | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |
70.26.94.79:6348     <-> 192.0.1.27:4520        67  71202         31   2305         98  73507
140.116.74.26:7043   <-> 192.0.1.185:3615       48   3600         49  51804         97  55404
84.133.27.83:50000   <-> 192.0.1.40:1850        57  39980         34   8323         91  48303
24.184.200.171:31719 <-> 192.0.1.5:2484         61  86674         29   1740         90  88414
[snip]
Will
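
Added example, not part of the original post: one way to reduce the -z conv,tcp table above to per-host totals for your own address range. The function names and the 198.51.100.7 row are constructed for illustration; the other sample rows are the ones quoted in the message.

```shell
#!/bin/sh
# Added example (not from the original post): per-host totals from the
# "TCP Conversations" table printed by tethereal -z conv,tcp.

# sample_conv: the four rows quoted in the message, plus one constructed row
# (198.51.100.7) so that one inside host appears in two conversations.
sample_conv() {
cat <<'EOF'
TCP Conversations
Filter:<No Filter>
                        | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |
70.26.94.79:6348 <-> 192.0.1.27:4520 67 71202 31 2305 98 73507
140.116.74.26:7043 <-> 192.0.1.185:3615 48 3600 49 51804 97 55404
84.133.27.83:50000 <-> 192.0.1.40:1850 57 39980 34 8323 91 48303
24.184.200.171:31719 <-> 192.0.1.5:2484 61 86674 29 1740 90 88414
192.0.1.27:4521 <-> 198.51.100.7:80 10 1000 12 9000 22 10000
EOF
}

# top_talkers PREFIX: read the table on stdin and print "address frames bytes"
# for every endpoint whose address starts with PREFIX, summing the Total
# columns across its conversations, largest byte count first.
top_talkers() {
  prefix="${1:?usage: top_talkers PREFIX}"
  awk -v p="$prefix" '
    # Conversation rows have nine fields and "<->" second; banners,
    # column headers and the packet-count line do not.
    NF == 9 && $2 == "<->" {
      for (i = 1; i <= 3; i += 2) {
        host = $i
        sub(/:[0-9]+$/, "", host)          # drop the port
        if (index(host, p) == 1) {         # endpoint is on our side
          frames[host] += $8
          bytes[host]  += $9
        }
      }
    }
    END { for (h in bytes) printf "%s %d %d\n", h, frames[h], bytes[h] }
  ' | sort -k3,3nr -k1,1
}

# Live use, with the command from the message:
#   tethereal -i eth2 -z conv,tcp -q -a duration:1 | top_talkers 192.0.1.
sample_conv | top_talkers 192.0.1.
```

Pass the prefix with its trailing dot so that 192.0.1. does not also match 192.0.10.x or similar.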