G . Sumner Hayes wrote:
> tcpdump: Can tcpdump keep up with ~30Mbit/sec of traffic? Most of the
> traffic is outgoing, and it's just the incoming http requests that I'm
> interested in. How should I handle TCP stream reassembly if I go with
> tcpdump? Doing the reassembly as a post-processing step is fine if
> there's something out there that can handle it.
You might want "tcpflow"; this is similar to tcpdump, but snoops the
data portion of TCP streams (i.e. it discards the headers and
reassembles the payloads into a stream). It has tcpdump-style filter
expressions, and each half of a TCP connection is logged to a separate
file.
--
Glynn Clements <[EMAIL PROTECTED]>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
