tcpdump
tony.chamberlain at lemko.com
tony.chamberlain at lemko.com
Fri Jul 11 11:45:31 UTC 2008
-----Original Message-----
From: fedora-list-request at redhat.com [mailto:fedora-list-request at redhat.com]
Sent: Wednesday, July 9, 2008 03:38 PM
To: fedora-list at redhat.com
Subject: fedora-list Digest, Vol 53, Issue 75
Message: 5
Date: Wed, 09 Jul 2008 14:39:38 -0500
From: Kevin Martin <kevintm at ameritech.net>
Subject: Re: tcpdump
To: For users of Fedora <fedora-list at redhat.com>
Message-ID: <487513FA.9010809 at ameritech.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
tony.chamberlain at lemko.com wrote:
> I want to look at all the traffic coming to my web browser (192.168.5.191)
> (tomcat on port 80) using tcpdump.
>
> If I say tcpdump port 80
>
> that will get 80 coming and going. Also if I say
> tcpdump dst port 80
> I will still get any traffic I have to other web sites.
>
> I thought tcpdump (dst port 80) and (dst host 192.168.5.191)
> would work but that does not seem to get anything. I went to
> 192.168.5.191/~chamberl from another machine, got my web page
> but nothing in the tcp dump.
>
> What is the correct way to do this (all incoming to my web browser)?
> Theoretically besdies 192.168.5.191 I would also like 127.0.0.1
>
>
>
Are you listening on the correct device? I just tried:
tcpdump dst port 22 and dst host 10.10.20.20
and didn't get anything but when I added the "-i <device>" that
10.10.20.20 is bound to then I got the correct information.
Kevin
==================================================
Actually it doesn't really matter I think. On my machine it doesn't work
but it works fine on some other ones. I want to monitor a different machine
anyway.
Here is a tcpdump/bash question though. (The following works if I don't
use the port filter stuff).
I do something like this (I abbreviate it hwere for space):
while :
do
mytotlen=0
nowdate=$(date +"%s")
((stopdate=nowdate+60))
tcpdump -nne -i eth0 '(dst port 80)' and '(dst host 10.0.0.10)' |
while [ $(date +"%s") -lt $stopdate
do
tim=""
# I leave out some names in this message
# to save space. I actually read everything
read -t4 tim ... length REST
[ "$tim" != "" ] && ((mytotlen+=length))
done
echo "Total TCP length in the last minute is $mytotlen"
done
The loop is executed fine (for debugging I print out the value of tim and
length). Problem is, once the while loop is completed it locks up and
never echoes the total tcp length. I think this is because the tcpdump
is still running and blocking. I don't believe before the echo I could put
something like pkill tcpdump. But what can I do to get this to work?
(Actually there is another problem here too that mytotlen inside the loop
is a local variable in a different scope than when I echo it but I solved
this by inside the loop echoing it to a file, and then reading the file
outside the loop, but that is irrelevant).
More information about the fedora-list
mailing list