[c-nsp] packet monitoring?

Will Hargrave will at harg.net
Mon Mar 6 05:49:48 EST 2006


barney gumbo wrote:
> To the best of my knowledge,
> ethereal and sniffer can do this to a certain extent however I'm not
> interested in using system resources to capture the whole packet payload, I
> just want to be able to summarize layers 3 through 4 and if the app can break
> this down into complete sockets or estimate the UDP flows that would be
> great too.

You can use tethereal's data processing to summarise the data. -z is the
statistics option. -z io,phs  -z conv,ip  -z conv,tcp are my favourites. There
is a wealth of useful options in there.

e.g.

[root@foo ~]# tethereal -i eth2 -z conv,tcp -q -a duration:1
Capturing on eth2
4147 packets captured
================================================================================
TCP Conversations
Filter:<No Filter>
                                                |       <-      | |       ->      | |     Total     |
                                                | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |
70.26.94.79:6348     <-> 192.0.1.27:4520       67     71202      31      2305      98     73507
140.116.74.26:7043   <-> 192.0.1.185:3615      48      3600      49     51804      97     55404
84.133.27.83:50000   <-> 192.0.1.40:1850       57     39980      34      8323      91     48303
24.184.200.171:31719 <-> 192.0.1.5:2484        61     86674      29      1740      90     88414

[snip]

Will
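
Added example (not part of Will's message or of tethereal itself): a shell/awk filter that reads the conv,tcp table shown above and totals bytes per local host, so the heaviest talkers sort to the top. It assumes the nine-field row layout from the post and IPv4 addresses; the function names, the 192.0.1. prefix argument and the last sample row are constructed for illustration.

```shell
#!/bin/sh
# Rank hosts by total bytes from `-z conv,tcp` output.
# Assumed row layout (as in the post):
#   A:port <-> B:port  frames<- bytes<- frames-> bytes-> total_frames total_bytes

# bytes_per_host PREFIX
# Reads conversation output on stdin, sums the total-bytes column for every
# endpoint whose address starts with PREFIX, prints "bytes address" largest first.
bytes_per_host() {
    awk -v prefix="$1" '
        # Only conversation rows have "<->" as field 2 and nine fields.
        $2 == "<->" && NF == 9 && $9 ~ /^[0-9]+$/ {
            for (i = 1; i <= 3; i += 2) {        # field 1 and field 3 are the endpoints
                addr = $i
                sub(/:[^:]*$/, "", addr)         # strip the trailing :port
                if (index(addr, prefix) == 1)
                    total[addr] += $9
            }
        }
        END { for (a in total) print total[a], a }
    ' | sort -k1,1nr -k2,2
}

# First four rows are copied from the output in the post; the last row is
# constructed so that one host appears in two conversations.
sample_output() {
    cat <<'EOF'
================================================================================
TCP Conversations
Filter:<No Filter>
70.26.94.79:6348     <-> 192.0.1.27:4520       67     71202      31      2305      98     73507
140.116.74.26:7043   <-> 192.0.1.185:3615      48      3600      49     51804      97     55404
84.133.27.83:50000   <-> 192.0.1.40:1850       57     39980      34      8323      91     48303
24.184.200.171:31719 <-> 192.0.1.5:2484        61     86674      29      1740      90     88414
198.51.100.7:80      <-> 192.0.1.27:4521       10     20000       5       500      15     20500
EOF
}

sample_output | bytes_per_host 192.0.1.
```

On a live box, pipe the tethereal command from the post into bytes_per_host in place of sample_output.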


