Re: [Nolug] Re: Help with tcpdump

From: Joey Kelly <joey_at_joeykelly.net>
Date: Thu, 11 Aug 2011 09:00:24 -0500
Message-Id: <201108110900.25031.joey@joeykelly.net>

On Thursday 11 August 2011 07:13, Gilberto Martins wrote:
> Can anybody help me with this tcpdump issue?

I can suggest an alternate, simpler path...

Run iptraf, vnstat or similar on the interface connected to the other guy's
LAN and you'll have the bandwidth he uses. ntop can give you info about who
he's talking to, as could a transparent squid instance on his segment.

--Joey

>
> Gilberto Martins
>
> On Mon, Jul 18, 2011 at 1:53 PM, Gilberto Martins <gsilva.martins@gmail.com> wrote:
> > Hi guys.
> >
> > I need help with tcpdump, which is the tool I think works best for
> > that. But I guess that if I present my structure to you, maybe one of
> > you will come up with a better solution.
> >
> > My structure is composed of a Linux firewall with interfaces to a
> > User Net (10.8.0.0/22) and two external accesses. In this net, there is
> > a server from another company. We have no access to it, but we allow
> > them the use of our infrastructure. Its communication is not
> > encrypted.
> > Now, my boss wants to know:
> > 1 - The percentage of its use, compared to our use;
> > 2 - The hosts that communicate with it
> >
> > I really don't know if there is any ready-made tool that could solve
> > this, but I found that I could collect the whole stream with
> > tcpdump, and split the collection with many other tools. So what I
> > did:
> >
> > To collect the whole stream:
> >
> > # sudo tcpdump -tttt -vn -i eth1 host <server> > ~/ServerStream.txt
> >
> > After that, I will use sed, cut, grep to split it in the way I need.
> > My doubt is about the packet's size. A line from the capture is like:
> >
> > 2011-07-18 13:46:36.774050 IP (tos 0x10, ttl 64, id 32738, offset
> > 0, flags [DF], proto TCP (6), length 1500) 10.8.0.1.22 >
> > 10.8.2.6.54747: . 1758048:1759496(1448) ack 433 win 305
> > <nop,nop,timestamp 799795676 1961885>
> >
> > Is the size of this packet 1500 bytes, extracted from "length 1500"?
> >
> > Thanks, people!
> >
> > Gilberto Martins

-- 
Joey Kelly
Minister of the Gospel and Linux Consultant
http://joeykelly.net
504-239-6550
___________________
Nolug mailing list
nolug@nolug.org
Received on 08/11/11
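
An added example, not part of the original thread: a Python sketch of the sed/cut/grep step described in the quoted message, summing the `length` value from each `tcpdump -tttt -vn` IP header (with `-v` that value is the IP datagram's total length: IP header plus payload, without the Ethernet header) to get the server's share of traffic and the bytes per peer host. It assumes a capture taken without the `host <server>` filter so that other traffic is counted too; the server address 10.8.1.50, the sample lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# A record starts with the -tttt timestamp; REC keeps IPv4 records only and
# captures the IP total length followed by "src > dst:".
TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ ")
REC = re.compile(r"^\S+ \S+ IP \(.*?length (\d+)\)\s+(\S+) > (\S+?):")

# Constructed sample capture (not from the thread); 10.8.1.50 is the assumed server.
SAMPLE = """\
2011-07-18 13:46:36.774050 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 1500)
    10.8.1.50.80 > 10.8.2.6.54747: . 1:1449(1448) ack 1 win 305
2011-07-18 13:46:36.774900 IP (tos 0x0, ttl 63, id 2, offset 0, flags [none], proto UDP (17), length 100)
    10.8.3.20.5060 > 10.8.1.50.5060: UDP, length 72
2011-07-18 13:46:36.775100 IP (tos 0x0, ttl 64, id 3, offset 0, flags [DF], proto TCP (6), length 400)
    10.8.0.9.22 > 10.8.2.7.40000: . 1:349(348) ack 1 win 305
""".splitlines()

def records(lines):
    """Join each packet's wrapped or continuation lines into one string."""
    buf = []
    for line in lines:
        start = TS.match(line)
        if start and buf:
            yield " ".join(buf)
            buf = []
        if start or buf:
            buf.append(line.strip())
    if buf:
        yield " ".join(buf)

def host_of(endpoint):  # "10.8.0.1.22" -> "10.8.0.1" (with -n the port is a fifth field)
    return ".".join(endpoint.split(".")[:4])

def summarize(lines, server):
    """Return (total IP bytes, server's share in percent, bytes per peer host)."""
    total, peers = 0, Counter()
    for rec in records(lines):
        m = REC.match(rec)
        if not m:
            continue  # ARP, IPv6 or anything else this sketch does not parse
        size = int(m.group(1))
        src, dst = host_of(m.group(2)), host_of(m.group(3))
        total += size
        if src == server:
            peers[dst] += size
        elif dst == server:
            peers[src] += size
    share = 100.0 * sum(peers.values()) / total if total else 0.0
    return total, share, peers
```

Calling `summarize(SAMPLE, "10.8.1.50")` returns the totals for the constructed capture; passing an open capture file instead of `SAMPLE` works the same way, and `peers.most_common()` lists the peer hosts by volume.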
