Howdy, How are we all? :)
Here's an interesting question that I'm looking for a solution to - quite simply, is there a way to run tcpdump to capture different ip addresses and output them to different files without running multiple copies of tcpdump?

Specifically - something along these lines:

* A single tcpdump process captures packets with source or dest IP: 1.2.3.4 and outputs the results to 1.2.3.4.log whilst at the same time doing the same for 2.3.4.5 and 2.3.4.5.log respectively.

Ideally - this scales to the 100 mark or so.. and FAST.

I'm pretty sure this can't be done with tcpdump/libpcap - but is there another utility? If none exists - how hard would it be to code such a beast? Also - could it be coded portably so it could compile/run on Solaris etc?

Looking forward to hearing your replies... Thanks in advance. :)

Cheers,
Umar.

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
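One way to build the single-process splitter the post asks about, as an added example that is not part of the original message: it reads one classic pcap stream and copies each packet to a per-address pcap output, using a dictionary lookup so the cost per packet does not grow with the number of watched addresses. The function names, the restriction to little-endian captures of untagged Ethernet/IPv4 frames, and the constructed sample capture are assumptions of this example.

```python
import io
import socket
import struct

GLOBAL_HDR = struct.Struct("<IHHiIII")  # classic little-endian pcap file header
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len
MAGIC, ETHERNET = 0xA1B2C3D4, 1


def split_by_ip(stream, watched, open_out):
    """Copy each IPv4 packet in `stream` to the pcap output of every watched
    address that is its source or destination; return packets written per IP."""
    ghdr = stream.read(GLOBAL_HDR.size)
    magic, *_, linktype = GLOBAL_HDR.unpack(ghdr)
    if magic != MAGIC or linktype != ETHERNET:
        raise ValueError("expected little-endian Ethernet pcap")
    by_addr = {socket.inet_aton(ip): ip for ip in watched}  # O(1) lookup per packet
    outputs, counts = {}, {ip: 0 for ip in watched}
    while True:
        rec = stream.read(RECORD_HDR.size)
        if len(rec) < RECORD_HDR.size:
            break  # end of capture
        incl_len = RECORD_HDR.unpack(rec)[2]
        frame = stream.read(incl_len)
        if len(frame) < incl_len:
            break  # truncated final record
        # Untagged Ethernet + IPv4: EtherType at 12..14, src at 26..30, dst at 30..34
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        for addr in by_addr.keys() & {frame[26:30], frame[30:34]}:
            ip = by_addr[addr]
            if ip not in outputs:
                outputs[ip] = open_out(ip)  # opened lazily, on first match
                outputs[ip].write(ghdr)     # each output is itself a valid pcap
            outputs[ip].write(rec + frame)
            counts[ip] += 1
    return counts


def make_sample(flows):
    """Constructed test capture: one minimal Ethernet/IPv4 frame per (src, dst)."""
    out = GLOBAL_HDR.pack(MAGIC, 2, 4, 0, 0, 65535, ETHERNET)
    for i, (src, dst) in enumerate(flows):
        ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, i, 0, 64, 6, 0,
                             socket.inet_aton(src), socket.inet_aton(dst))
        frame = bytes(12) + b"\x08\x00" + ip_hdr
        out += RECORD_HDR.pack(i, 0, len(frame), len(frame)) + frame
    return io.BytesIO(out)
```

Passing `open_out=lambda ip: open(ip + ".log", "wb")` gives the file naming from the post, and a single `tcpdump -w -` piped into `sys.stdin.buffer` can serve as `stream` on a host that writes little-endian captures.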
