G'day...
Have you considered doing a:
# tcpdump -l -n -i <interface> | grep 1.2.3.4 > 1.2.3.4.log &
# tcpdump -l -n -i <interface> | grep 2.3.4.5 > 2.3.4.5.log &
Of course, you may wish to refine the grep regexp if you are getting other stray lines in your log files.
Never underestimate the power of the simple axioms that already exist. :)
Warmest regards
Mike
---
Michael S. E. Kraus
Network Administrator
Capital Holdings Group (NSW) Pty Ltd
p: (02) 9955 8000
Umar Goldeli <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
23/06/2003 08:01 PM
To: [EMAIL PROTECTED]
cc:
Subject: [SLUG] Tcpdump - multiple filters to multiple files?
Howdy,
How are we all? :)
Here's an interesting question that I'm looking for a solution to - quite
simply, is there a way to run tcpdump to capture different ip addresses
and output them to different files without running multiple copies of
tcpdump?
Specifically - something along these lines:
* A single tcpdump process captures packets with source or dest IP:
1.2.3.4 and outputs the results to 1.2.3.4.log whilst at the same time
doing the same for 2.3.4.5 and 2.3.4.5.log respectively.
Ideally - this scales to the 100 mark or so.. and FAST.
I'm pretty sure this can't be done with tcpdump/libpcap - but is there
another utility?
If none exists - how hard would it be to code such a beast? Also - could
it be coded portably so it could compile/run on Solaris etc?
Looking forward to hearing your replies...
Thanks in advance. :)
Cheers,
Umar.
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
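Added example, not part of the original thread: one way to get what the question asks for with a single tcpdump process, by letting a BPF filter select the watched hosts and one awk process fan the text output out to per-IP log files. `WATCH`, `bpf_filter` and `demux` are names made up for this sketch; it compares parsed addresses exactly, so `11.2.3.4` does not land in `1.2.3.4.log` the way a loose grep pattern would allow.

```shell
#!/bin/sh
# Added example (not from the thread). WATCH, bpf_filter and demux are made-up names.
WATCH="1.2.3.4 2.3.4.5"   # addresses from the question; extend as needed

# Build "host A or host B ..." so the kernel filter drops all other traffic.
bpf_filter() {
    f=""
    for ip in $WATCH; do f="${f:+$f or }host $ip"; done
    printf '%s\n' "$f"
}

# Read tcpdump -n text lines on stdin and append each one to <ip>.log in
# directory $1 for every watched IP that is its source or destination.
demux() {
    awk -v watch="$WATCH" -v dir="${1:-.}" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        {
            # Locate the "src > dst:" pair; lines without it (e.g. ARP) are skipped.
            for (f = 1; f <= NF; f++) {
                if ($f != ">") continue
                src = addr($(f - 1)); dst = addr($(f + 1))
                if (src in want) emit(src)
                if (dst in want && dst != src) emit(dst)
                break
            }
        }
        # Strip the trailing colon and port: "1.2.3.4.80:" becomes "1.2.3.4".
        function addr(s,   p, k) {
            sub(/:$/, "", s)
            k = split(s, p, ".")
            return (k >= 4) ? p[1] "." p[2] "." p[3] "." p[4] : s
        }
        # Append the current line to the per-IP log and flush so it can be tailed.
        function emit(ip,   file) {
            file = dir "/" ip ".log"
            print >> file
            fflush(file)
        }
    '
}

# Live use (needs root; <interface> is a placeholder):
#   tcpdump -l -n -i <interface> "$(bpf_filter)" | demux /var/tmp
```

With around 100 addresses the awk process holds one open file per IP, so check the awk implementation's and the shell's open-file limits before scaling up.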
