On 2007-01-15 13:08, Dmitry Rubinstein wrote:
> We are trying to capture stuff using a relatively simple filter (on
> Linux, using Phil Wood's PCAP with ssldump on top of it). What we want
> is basically to capture the traffic to and from a specific port of a
> specific host (say, 10.0.0.1:80). So
Hi,
> Will we be able to capture twice as few packets (hopefully not)? I was
> hoping to kinda avoid the need to do this test if anyone has already did
> some sort of evaluation...
Complex filters are cheap in terms of capturing performance. For a
detailed examination take a look at:
http://
Dmitry Rubinstein wrote:
Greetings, everyone!
We are trying to capture stuff using a relatively simple filter (on
Linux, using Phil Wood's PCAP with ssldump on top of it). What we want
is basically to capture the traffic to and from a specific port of a
specific host (say, 10.0.0.1:80). So far
Greetings, everyone!
We are trying to capture stuff using a relatively simple filter (on
Linux, using Phil Wood's PCAP with ssldump on top of it). What we want
is basically to capture the traffic to and from a specific port of a
specific host (say, 10.0.0.1:80). So far we did it using the filter
