What do you mean by 'safe'?
The only side affects I can think of to running tcpdump on an
interface constantly, is the generation of large log files (if you
re-directed to log files) as well as the fact that it usually puts an
interface into 'promiscuous mode'. (See the -p flag.) This offloads
network traffic onto the cpu which could introduce additional network
latency for high throughput networks in some situations. (As far as
how much latency, if any, and whether it's actually a problem depends
on many factors. Test it.)
Other ways to generate network logs would be via the logging feature
of the PF firewall. You can setup specific rules to capture tcpdump
compatible logs and send them either to a log file or to a pseudo
network interface (the pflog device) for live viewing. There's a
chapter about this covered in Peter Hansteen's The Book of PF.
-Modulok-
On 3/5/11, erikmccaskey64 erikmccaske...@zoho.com wrote:
Is it safe to always run tcpdump on the server, e.g.: like this:
tcpdump -qn dst net 192.168.1.0/24
I need it to audit the network .. :\
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
