Ok, this may be odd to many, but here's what I want: I like tcpdump's powerful ways of selecting and analyzing specific portions of packet traffic, but I want a real-time way to represent the results. I am blind, so graphs don't help. <grin> Usually all I want to know is the pattern of packet match frequency vs. time, so a little click for each matching packet would translate nicely into what I'm looking for.
My normal tactic involves directing output from tcpdump to /dev/audio or even /dev/pcaudio:

    tcpdump -l -n [... rules for traffic ...] >/dev/audio

is the first trick I tried. Problem: It causes me to get kernel errors like "runt packet" and such, presumably because it adds too much overhead to packet processing somehow. (This is a P166; maybe that problem wouldn't exist on faster hardware?) My next trick was like

    tcpdump -s 1 -w /dev/audio [... rules for traffic ...]

No errors this time, but the output of -w is buffered regardless of -l (which normally makes a lot of sense, of course), so it wasn't very real-time.

I currently run FreeBSD 4.10-STABLE, but I'd be interested in any solutions requiring 5.x features as well, for future planning.

Please Cc me if you have any ideas. Thanks much.

-- 
Doug Lee [EMAIL PROTECTED] http://www.dlee.org
Bartimaeus Group [EMAIL PROTECTED] http://www.bartsite.com
The very smart may feel they have nothing to learn from anyone;
The very wise will find something to learn from everyone. (7/14/01)
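
An added example, not part of the original post: one way to get a click per matching packet is to keep tcpdump's line-buffered text output (-l) and convert each line into a fixed, short burst of samples, instead of sending the text or the -w capture data to the audio device. The script name click.py, the 8 kHz 8-bit mu-law device format, the 2 ms click length and the policy of dropping clicks that arrive while one is still playing are assumptions of this sketch.

```python
#!/usr/bin/env python3
"""Write one short audio click per input line (one line per matching packet).

Assumed usage (click.py is a hypothetical name):
    tcpdump -l -n [... rules for traffic ...] | python3 click.py /dev/audio
"""
import sys
import time

SAMPLE_RATE = 8000    # assumption: device plays 8 kHz, 8-bit mu-law, mono
CLICK_SAMPLES = 16    # 16 samples at 8 kHz = 2 ms per click
# mu-law: 0x80 is the largest positive sample, 0x00 the largest negative.
CLICK = b"\x80" * (CLICK_SAMPLES // 2) + b"\x00" * (CLICK_SAMPLES // 2)


def run(lines, out, now=time.monotonic):
    """Emit one click on `out` per item in `lines`; return play/drop counts.

    A click that arrives while the previous one is still playing is dropped
    rather than queued, so a traffic burst cannot build up audio lag.
    """
    click_secs = CLICK_SAMPLES / SAMPLE_RATE
    stats = {"played": 0, "dropped": 0}
    busy_until = 0.0
    for _ in lines:               # line content is ignored; only arrival counts
        t = now()
        if t < busy_until:
            stats["dropped"] += 1
            continue
        out.write(CLICK)
        out.flush()               # never hold a click back in a buffer
        busy_until = t + click_secs
        stats["played"] += 1
    return stats


if __name__ == "__main__":
    device = sys.argv[1] if len(sys.argv) > 1 else "/dev/audio"
    # buffering=0 gives raw, unbuffered writes to the device node.
    with open(device, "wb", buffering=0) as dev:
        result = run(sys.stdin.buffer, dev)
    print(result, file=sys.stderr)
```
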
