- To: mkraus@xxxxxxxxxxxxxxxxxxxxxx
- Subject: Re: [SLUG] Tcpdump - multiple filters to multiple files?
- From: Adam Hewitt <adam.hewitt@xxxxxxxxxxxx>
- Date: 24 Jun 2003 10:21:09 +1000
- Cc: SLUG <slug@xxxxxxxxxxx>
Mike,
I believe the original request was looking at about 100 IPs, and a
scalable solution. I don't think 100 tcpdumps is either simple or
scalable.
Adam.
On Tue, 2003-06-24 at 10:12, mkraus@xxxxxxxxxxxxxxxxxxxxxx wrote:
> G'day...
>
> Have you considered doing a:
>
> # tcpdump -i <interface> | grep 1.2.3.4 > 1.2.3.4.log &
> # tcpdump -i <interface> | grep 2.3.4.5 > 2.3.4.5.log &
>
> Of course, you may wish to refine the grep regexp if you are getting
> other stray lines in your log files.
>
> Never underestimate the power of the simple axioms that already exist.
> :)
>
> Warmest regards
>
> Mike
> ---
> Michael S. E. Kraus
> Network Administrator
> Capital Holdings Group (NSW) Pty Ltd
> p: (02) 9955 8000
>
> Umar Goldeli <umar@xxxxxxxxxxxxxxxxxxxx>
> Sent by: slug-bounces@xxxxxxxxxxx
> 23/06/2003 08:01 PM
>
> To: slug@xxxxxxxxxxx
> cc:
> Subject: [SLUG] Tcpdump - multiple filters to multiple files?
>
> Howdy,
>
> How are we all? :)
>
> Here's an interesting question that I'm looking for a solution to - quite
> simply, is there a way to run tcpdump to capture different IP addresses
> and output them to different files without running multiple copies of
> tcpdump?
>
> Specifically - something along these lines:
>
> * A single tcpdump process captures packets with source or dest IP:
> 1.2.3.4 and outputs the results to 1.2.3.4.log whilst at the same time
> doing the same for 2.3.4.5 and 2.3.4.5.log respectively.
>
> Ideally - this scales to the 100 mark or so.. and FAST.
>
> I'm pretty sure this can't be done with tcpdump/libpcap - but is there
> another utility?
>
> If none exists - how hard would it be to code such a beast? Also - could
> it be coded portably so it could compile/run on Solaris etc?
>
> Looking forward to hearing your replies...
>
> Thanks in advance. :)
>
> Cheers,
> Umar.
>
> --
> SLUG - Sydney Linux User's Group - http://slug.org.au/
> More Info: http://lists.slug.org.au/listinfo/slug
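
The single-process split asked about in this thread, as an added example that is not code from any of the posters: one pass over a capture, with a set lookup per packet instead of one filter or process per address. It assumes a classic little-endian pcap file with Ethernet frames carrying IPv4; the function names and the sample packets are constructed for illustration.

```python
import socket
import struct

PCAP_HDR = struct.Struct("<IHHiIII")   # classic little-endian pcap global header
REC_HDR = struct.Struct("<IIII")       # ts_sec, ts_usec, incl_len, orig_len

def split_pcap(data, watched):
    """Single pass over a capture: return {ip: pcap bytes} for each watched IP."""
    magic, *_rest, linktype = PCAP_HDR.unpack_from(data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap with Ethernet frames")
    out = {ip: bytearray(data[:PCAP_HDR.size]) for ip in watched}
    off = PCAP_HDR.size
    while off + REC_HDR.size <= len(data):
        incl_len = REC_HDR.unpack_from(data, off)[2]
        end = off + REC_HDR.size + incl_len
        if end > len(data):
            break                       # truncated final record: stop cleanly
        frame = data[off + REC_HDR.size:end]
        # Ethernet II + IPv4: ethertype at bytes 12-13, addresses at bytes 26-33
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            src = socket.inet_ntoa(frame[26:30])
            dst = socket.inet_ntoa(frame[30:34])
            for ip in out.keys() & {src, dst}:   # O(1) per packet, any list size
                out[ip] += data[off:end]         # copy record header + frame
        off = end
    return {ip: bytes(buf) for ip, buf in out.items()}

def _frame(src, dst):
    """Constructed sample: zeroed MACs, IPv4 ethertype, bare 20-byte IP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip

def sample_capture():
    """Constructed four-packet capture used to exercise split_pcap()."""
    pkts = [("1.2.3.4", "10.0.0.1"), ("10.0.0.1", "2.3.4.5"),
            ("1.2.3.4", "2.3.4.5"), ("10.0.0.1", "10.0.0.2")]
    cap = PCAP_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, (s, d) in enumerate(pkts):
        f = _frame(s, d)
        cap += REC_HDR.pack(n, 0, len(f), len(f)) + f
    return cap

if __name__ == "__main__":              # usage: split.py capture.pcap IP [IP ...]
    import sys
    for ip, blob in split_pcap(open(sys.argv[1], "rb").read(), set(sys.argv[2:])).items():
        open(ip + ".pcap", "wb").write(blob)
```

Each output is itself a valid pcap file, so the per-address results can be read back with `tcpdump -r`.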