On Wednesday 02 April 2008, Jesse Kempf wrote:
> Hi,
> So tcpdump tends to jam up the terminal a bit when you try to dump on a
> saturated gigabit link. I've added a -P option to tcpdump that lets you
> specify a probability for tcpdump to print each packet. It uses
> drand48() to figure out whether each packet captured should be printed.
> Obviously this isn't the same thing as saying "print every Nth packet"
> since this is a Bernoulli process and the expected value of the number
> of printed packets is different.
>
> Also, I hacked up the print_packet function, so this only works for
> parse and print mode.

Hello,

Wouldn't it be better to allow several different types of sampling that would match the commonly encountered schemas:
- random probabilistic sampling (Bernoulli's sampling)
- systematic sampling (not really random - just the skip counter)
- sFlow like sampling schema (on average 1-out-of-N samples)

And does it have to be done on the printing level? I don't know the details, but it would make much more sense to apply the 'random filtering' as early as possible.

Cheers,
Milosz

-- 
Milosz Marian Hulboj http://www.linkedin.com/in/mhulboj
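
Added example, not part of the original messages or of tcpdump's code: the three sampling schemes listed in the reply, written as per-packet keep/drop decisions that a capture loop could call before any decoding or printing. All names are hypothetical, and drawing the sFlow-like skip uniformly from [1, 2N-1] (mean N) is an assumption about one way to get "on average 1-out-of-N".

```c
#define _XOPEN_SOURCE 600            /* exposes drand48()/srand48() */
#include <stdio.h>
#include <stdlib.h>

/* Bernoulli: every packet is kept independently with probability p. */
static int bernoulli_keep(double p) { return drand48() < p; }

/* Systematic: a plain skip counter, keeps exactly every Nth packet. */
struct systematic { unsigned n, count; };
static int systematic_keep(struct systematic *s) {
    if (++s->count < s->n) return 0;
    s->count = 0;
    return 1;
}

/* sFlow-like: after each sample, draw a fresh random skip whose mean is N
 * (assumed here: uniform on 1..2N-1), so the rate is 1-in-N on average. */
struct random_skip { unsigned n, skip; };
static unsigned next_skip(unsigned n) {
    return 1 + (unsigned)(drand48() * (2 * n - 1));
}
static int random_skip_keep(struct random_skip *s) {
    if (s->skip == 0) s->skip = next_skip(s->n);   /* first packet only */
    if (--s->skip > 0) return 0;
    s->skip = next_skip(s->n);
    return 1;
}

enum scheme { BERNOULLI, SYSTEMATIC, SFLOW_LIKE };

/* Feed `total` simulated packets through one scheme; return how many kept. */
static unsigned long count_kept(enum scheme which, unsigned n,
                                unsigned long total, long seed) {
    struct systematic sys = { n, 0 };
    struct random_skip rs = { n, 0 };
    unsigned long kept = 0;
    srand48(seed);                   /* fixed seed: repeatable runs */
    for (unsigned long i = 0; i < total; i++) {
        if (which == BERNOULLI)       kept += bernoulli_keep(1.0 / n);
        else if (which == SYSTEMATIC) kept += systematic_keep(&sys);
        else                          kept += random_skip_keep(&rs);
    }
    return kept;
}

int main(void) {
    const char *names[] = { "bernoulli", "systematic", "sflow-like" };
    for (int s = BERNOULLI; s <= SFLOW_LIKE; s++)
        printf("%-10s kept %lu of 1000000\n", names[s],
               count_kept((enum scheme)s, 100, 1000000UL, 1));
    return 0;
}
```

Only the systematic counter keeps a fixed number of packets; the two random schemes vary around the same mean, and the sFlow-like one consumes a random number per sample rather than per packet.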
