FWIW....

I don't know any way to do this with existing tools, but it would
presumably not be a particularly difficult task for a C programmer to
modify tcpdump for this purpose.

Depending how much speed you really need, this could also be done in Perl
using Net::Pcap.

snort might also be of interest.  I'm not particularly familiar with it,
but it seems like the sort of thing I'd want it to do.

tcpflow splits traffic by TCP stream.  Not sure if that's useful to you.


Andrew



On Mon, 23 Jun 2003, Umar Goldeli wrote:

> Date: Mon, 23 Jun 2003 20:01:17 +1000 (EST)
> From: Umar Goldeli <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [SLUG] Tcpdump - multiple filters to multiple files?
>
> Howdy,
>
> How are we all? :)
>
> Here's an interesting question that I'm looking for a solution to - quite
> simply, is there a way to run tcpdump to capture different ip addresses
> and output them to different files without running multiple copies of
> tcpdump?
>
> Specifically - something along these lines:
>
> * A single tcpdump process captures packets with source or dest IP:
> 1.2.3.4 and outputs the results to 1.2.3.4.log whilst at the same time
> doing the same for 2.3.4.5 and 2.3.4.5.log respectively.
>
> Ideally - this scales to the 100 mark or so.. and FAST.
>
> I'm pretty sure this can't be done with tcpdump/libpcap - but is there
> another utility?
>
> If none exists - how hard would it be to code such a beast? Also - could
> it be coded portably so it could compile/run on Solaris etc?
>
> Looking forward to hearing your replies...
>
> Thanks in advance. :)
>
> Cheers,
> Umar.
>
>

--

No added Sugar.  Not tested on animals.  If irritation occurs,
discontinue use.

-------------------------------------------------------------------
Andrew McNaughton           In Sydney
                            Working on a Product Recommender System
[EMAIL PROTECTED]
Mobile: +61 422 753 792     http://staff.scoop.co.nz/andrew/cv.doc



-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
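
An added example, not code from either poster: the per-address split asked about above, done in one pass over a saved classic pcap file with only the Python standard library (live capture through libpcap is outside its scope). The function names and the three-packet sample capture are constructed for illustration.

```python
import socket
import struct

def demux(pcap, watch):
    """Split a classic Ethernet pcap (bytes) into one pcap (bytes) per watched IPv4 address."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                                      # little-endian capture
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                                      # big-endian capture
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    keys = {socket.inet_aton(ip): ip for ip in watch}  # one hash lookup per packet
    out = {ip: bytearray(pcap[:24]) for ip in watch}   # every output starts with the global header
    pos = 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[pos + 8:pos + 12])[0]
        record = pcap[pos:pos + 16 + incl_len]
        if len(record) < 16 + incl_len:
            break                                      # truncated final record
        frame, pos = record[16:], pos + 16 + incl_len
        off = 12
        while frame[off:off + 2] == b"\x81\x00":       # skip 802.1Q VLAN tags
            off += 4
        if frame[off:off + 2] != b"\x08\x00" or len(frame) < off + 22:
            continue                                   # not IPv4, or too short to hold addresses
        src, dst = frame[off + 14:off + 18], frame[off + 18:off + 22]
        for key in keys.keys() & {src, dst}:           # a packet between two watched hosts goes to both
            out[keys[key]] += record
    return {ip: bytes(buf) for ip, buf in out.items()}

def _frame(src, dst):
    """Constructed sample: zeroed MAC addresses plus a bare 20-byte IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip

def sample_pcap():
    """Constructed little-endian capture holding three packets."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pkts = [_frame("1.2.3.4", "9.9.9.9"), _frame("2.3.4.5", "1.2.3.4"),
            _frame("8.8.8.8", "9.9.9.9")]
    return hdr + b"".join(struct.pack("<IIII", i, 0, len(p), len(p)) + p for i, p in enumerate(pkts))

if __name__ == "__main__":
    for ip, data in demux(sample_pcap(), ["1.2.3.4", "2.3.4.5"]).items():
        with open(ip + ".log", "wb") as fh:            # file naming follows the question; content is pcap
            fh.write(data)
```

Each output is itself a valid pcap file, so it can be read back with `tcpdump -r`.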
