For When You Can't Have The Real Thing

tcprunner

Created by dave. Last edited by dave, 14 years and 158 days ago. Viewed 1,803 times. #1

TCPRunner

TCPRunner is an excessively named perl script wrapped around tcpdump. To wit:

#!/usr/bin/perl
use strict; use warnings; $| = 1;   # flush the status line straight away

# Each pass captures 2000 packets (-c) into a raw pcap file named by epoch time (-w); die rather than spin if tcpdump fails.
while (1) { my $now = time; print "Listening at $now:"; system("tcpdump -c 2000 -w $now.eth not host 10.17.5.38") == 0 or die "tcpdump failed: $?"; }

The idea is that the script saves the traffic that does not involve the capturing host in manageable, bite-sized chunks of 2000 packets each, which can then be examined with ethereal or any other pcap reader. One thing to watch: the chunk is named by epoch second, so on a busy link where 2000 packets arrive within a single second the next chunk overwrites the previous one. Also, if tcpdump cannot start at all (no capture permission, bad filter expression) the loop should stop rather than spin.

The logic behind the exclusion is that I'm usually running this remotely and don't really need to see all my ssh packets showing up in the stream. Note that "not host 10.17.5.38" drops every packet to or from that address, not just the ssh session, so anything aimed at the capturing host itself never reaches the chunks; "not (host 10.17.5.38 and port 22)" keeps the rest. You could do whatever you like with the tcpdump filtering system; this is merely an example.

Future enhancements could include

  • a reasonable front-end with command-line parsing
  • a separate thread that would periodically wake up and remove any chunks older than a certain interval, or beyond a maximum number of chunks.
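The following shell script is an added example, not the page's Perl script, that implements both enhancements from the list above: getopts-based option parsing and pruning of old chunks after each capture. It keeps the page's defaults (2000 packets per chunk, the "not host 10.17.5.38" exclusion); the option letters, the chunk-name layout and the function names are this example's own choices, and the chunk name carries a sequence number so that two chunks finished within the same second do not overwrite each other.

```shell
#!/bin/sh
# tcprunner.sh: rotating tcpdump capture with option parsing and pruning of old chunks.
# Added example; not the page's own script.
# Usage: ./tcprunner.sh [-c packets] [-k keep] [-d dir] [-i iface] [bpf filter words...]
set -u

PACKETS=2000                  # packets per chunk (tcpdump -c), as on the page
KEEP=24                       # newest chunks to keep; older ones are deleted after each chunk
DIR=.                         # directory the chunks are written to
IFACE=                        # capture interface; empty lets tcpdump pick its default
FILTER="not host 10.17.5.38"  # the page's example exclusion; override by passing filter words

parse_args() {
    OPTIND=1
    while getopts "c:k:d:i:" opt; do
        case $opt in
            c) PACKETS=$OPTARG ;;
            k) KEEP=$OPTARG ;;
            d) DIR=$OPTARG ;;
            i) IFACE=$OPTARG ;;
            *) echo "usage: $0 [-c packets] [-k keep] [-d dir] [-i iface] [filter]" >&2; return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    if [ $# -gt 0 ]; then FILTER=$*; fi   # remaining words form the BPF expression
}

# chunk_name EPOCH SEQ: fixed-width name, so a plain lexical sort is chronological.
# The sequence number keeps two chunks finished within the same second apart,
# which the page's $now.eth naming would not do on a busy link.
chunk_name() {
    printf '%010d-%06d.eth' "$1" "$2"
}

# prune_chunks DIR KEEP: delete every *.eth in DIR except the newest KEEP.
prune_chunks() {
    for f in "$1"/*.eth; do [ -f "$f" ] && printf '%s\n' "$f"; done |
        sort -r | tail -n +$(($2 + 1)) | while read -r old; do
            rm -f -- "$old"
        done
}

# count_chunks DIR: number of *.eth files in DIR (handy for checking prune_chunks).
count_chunks() {
    n=0
    for f in "$1"/*.eth; do [ -f "$f" ] && n=$((n + 1)); done
    echo "$n"
}

capture_loop() {
    seq=0
    while :; do
        seq=$((seq + 1))
        chunk=$DIR/$(chunk_name "$(date +%s)" "$seq")
        echo "Listening, writing $chunk:"
        # $FILTER is deliberately unquoted: its words are the BPF expression.
        # Exit instead of spinning if tcpdump fails (no permission, bad filter, no such interface).
        tcpdump ${IFACE:+-i "$IFACE"} -c "$PACKETS" -w "$chunk" $FILTER || exit 1
        prune_chunks "$DIR" "$KEEP"
    done
}

# Only start capturing when executed as tcprunner.sh; sourcing the file just defines the functions.
case $0 in *tcprunner.sh) parse_args "$@" && capture_loop ;; esac
```

Run it as "./tcprunner.sh -k 48 -d /var/tmp/chunks not port 22" to keep the last 48 chunks and exclude only ssh rather than the whole host. Newer tcpdump releases can do the rotation natively without a wrapper: "-G seconds -W count" rotates by time with a fixed number of files, "-C megabytes -W count" rotates by size, and "-z command" runs a post-rotate command such as gzip on each finished file.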