[Nolug] Re: Help with tcpdump

From: Gilberto Martins <gsilva.martins_at_gmail.com>
Date: Thu, 11 Aug 2011 09:13:04 -0300
Message-ID: <CAHBhT5-fVVEHNfVcKVgXhmY=uGo7QPbbVSXi2iS-G3S=8tGncQ@mail.gmail.com>

Can anybody help me with this tcpdump issue?

Gilberto Martins

On Mon, Jul 18, 2011 at 1:53 PM, Gilberto Martins
<gsilva.martins@gmail.com> wrote:

> Hi guys.
>
> I need help with tcpdump, which is the tool I think works best for
> that. But I guess that if I present you my structure, maybe one of you
> will come up with a better solution.
>
> My structure is composed of a Linux firewall with interfaces to a
> user net (10.8.0.0/22) and two external accesses. In this net there is
> a server from another company. We have no access to it, but we allow
> them the use of our infrastructure. Its communication is not
> encrypted.
> Now, my boss desires to know:
> 1 - The percentage of its use, compared to our use;
> 2 - The hosts that communicate with it
>
> I really don't know if there is any ready-made tool that could solve
> this, but I found that I could collect the whole stream with
> tcpdump and split the collection with many other tools. So what I
> did:
>
> To collect the whole stream:
>
> # sudo tcpdump -tttt -vn -i eth1 host <server> > ~/ServerStream.txt
>
> After that, I will use sed, cut, grep to split it in the way I need.
> My doubt is about the packet's size. A line from the capture is like:
>
> 2011-07-18 13:46:36.774050 IP (tos 0x10, ttl 64, id 32738, offset
> 0, flags [DF], proto TCP (6), length 1500) 10.8.0.1.22 >
> 10.8.2.6.54747: . 1758048:1759496(1448) ack 433 win 305
> <nop,nop,timestamp 799795676 1961885>
>
> Is the size of this packet 1500 bytes, as extracted from "length 1500"?
>
> Thanks, people!
>
> Gilberto Martins
>

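An added example (not from the original post or its author) of the splitting step the question describes: it parses `tcpdump -tttt -vn` text records, takes the "length N" value, which in tcpdump's verbose IP output is the IP total-length field (IP header + TCP header + payload, so 20 + 32 + 1448 = 1500 for the quoted line, not the size of the Ethernet frame), and sums bytes per remote host and direction for one server address. The sample capture lines are constructed, and the server address 10.8.0.1 is an assumption standing in for `<server>`.

```python
import re
from collections import defaultdict

# Constructed sample in the layout `tcpdump -tttt -vn` prints: IP summary on one
# line, endpoint pair and TCP details on an indented continuation line.
SAMPLE = """\
2011-07-18 13:46:36.774050 IP (tos 0x10, ttl 64, id 32738, offset 0, flags [DF], proto TCP (6), length 1500)
    10.8.0.1.22 > 10.8.2.6.54747: . 1758048:1759496(1448) ack 433 win 305 <nop,nop,timestamp 799795676 1961885>
2011-07-18 13:46:36.774301 IP (tos 0x10, ttl 64, id 5521, offset 0, flags [DF], proto TCP (6), length 52)
    10.8.2.6.54747 > 10.8.0.1.22: . ack 1759496 win 305 <nop,nop,timestamp 1961890 799795676>
2011-07-18 13:46:37.001000 IP (tos 0x0, ttl 128, id 17, offset 0, flags [DF], proto TCP (6), length 60)
    10.8.1.9.49152 > 10.8.0.1.22: S 1:1(0) win 65535 <mss 1460>
""".splitlines()

# "length N" is the IP total-length field (IP header + transport header + payload).
RECORD_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP \(.*?length (?P<length>\d+)\)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def join_records(lines):
    """Reassemble one record per packet: indented lines continue the previous one."""
    records = []
    for line in lines:
        if line[:1].isspace() and records:
            records[-1] += " " + line.strip()
        elif line.strip():
            records.append(line.rstrip())
    return records

def parse_record(record):
    """Return timestamp, IP total length and endpoints, or None for non-IP lines."""
    m = RECORD_RE.match(record)
    if not m:
        return None
    return {"ts": m["ts"], "length": int(m["length"]), "src": m["src"], "dst": m["dst"]}

def bytes_per_peer(lines, server):
    """Sum IP bytes exchanged with `server`, per remote host and per direction."""
    totals = defaultdict(lambda: {"to_server": 0, "from_server": 0})
    for rec in map(parse_record, join_records(lines)):
        if rec is None:
            continue
        if rec["src"] == server:
            totals[rec["dst"]]["from_server"] += rec["length"]
        elif rec["dst"] == server:
            totals[rec["src"]]["to_server"] += rec["length"]
    return dict(totals)

if __name__ == "__main__":
    for host, t in sorted(bytes_per_peer(SAMPLE, "10.8.0.1").items()):
        print(f"{host:15} to_server={t['to_server']:>8} from_server={t['from_server']:>8}")
```

Because `host <server>` limits the capture to the server's traffic, the "percentage of its use" needs a second, unfiltered total from the same interface to divide by; text output layout also varies between tcpdump versions, so for ongoing accounting a `-w` pcap file read by a proper tool is more robust than text parsing.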
___________________
Nolug mailing list
nolug@nolug.org
Received on 08/11/11
