From: Manikantan Ramadas (firstname.lastname@example.org)
Date: Mon, 11 Aug 2003 16:34:13 -0400
Subject: Re: tcptrace-bugs Can i filter according to the application of the traffic
Message-ID: <20030811203413.GE22868@irg.cs.ohiou.edu>

> I would like to ask what should I type if I want to get the statistics
> for the application of the traffic such as how many http connections, ftp
> connections, snmp and smtp connections.

The traffic module might be your friend here. Saying:

    tcptrace -xtraffic file.dmp

where file.dmp is your dumpfile, should leave a file called
traffic_byport.dat in your working directory having basic port-wise
statistics. You may also give stuff like:

    tcptrace -xtraffic"-p22,25,80" file.dmp

to get you statistics on ports 22 (SSH), 25 (SMTP), 80 (Web) only.

(I am making out a manual for tcptrace which documents stuff like this in
much more detail. It should be out in a week.)

> And also can I filter the traffic according to these applications, which
> means can I just get the http connection and filtering all the other

You can filter out connections with the -f option as in:

    tcptrace "-f port==80" file.dmp

to get you details of the http connections traced by tcptrace, and also
leave a file PF in the working directory having the connection numbers of
the http connections.

You may pull out those connections alone into a small file say, web.dmp
using something like:

    tcptrace -oPF -Oweb.dmp file.dmp

Once again, the manual would hopefully answer your questions better soon.

--
"A man is but a product of his thoughts; what he thinks, that he becomes."
- Mahatma Gandhi
____________________________________________________________________________
* Manikantan Ramadas * IRG, Ohio Univ. * http://irg.cs.ohiou.edu/~mramadas *
____________________________________________________________________________
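
Added example (not part of the original message and not tcptrace's own code): a Python sketch of the two ideas in the reply, counting connections per application port and keeping only the port-80 packets, run on a constructed classic-pcap byte string. Treating a connection as an unordered pair of endpoints and matching a port on either side are assumptions made here, all function names are hypothetical, and a port number only suggests the application since services can run on non-standard ports.

```python
import struct
from collections import defaultdict

def make_pcap(flows):
    """Constructed sample: classic pcap with one TCP SYN per (sport, dport)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # Ethernet
    for i, (sport, dport) in enumerate(flows):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 2, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, i, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp  # checksums left at zero
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def tcp_packets(pcap):
    """Yield (record, src, sport, dst, dport) for each Ethernet/IPv4/TCP packet."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled")
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        rec, off = pcap[off:off + 16 + caplen], off + 16 + caplen
        frame = rec[16:]
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 carrying TCP
        tcp_off = 14 + (frame[14] & 0x0F) * 4  # honour the IP header length
        if len(frame) < tcp_off + 4:
            continue  # capture cut off before the TCP ports
        sport, dport = struct.unpack_from("!HH", frame, tcp_off)
        yield rec, frame[26:30], sport, frame[30:34], dport

def connections_by_port(pcap, ports):
    """Count distinct connections that have an endpoint on each listed port."""
    conns = defaultdict(set)
    for _, src, sport, dst, dport in tcp_packets(pcap):
        key = frozenset([(src, sport), (dst, dport)])  # same key both directions
        for p in {sport, dport} & set(ports):
            conns[p].add(key)
    return {p: len(conns[p]) for p in ports}

def filter_port(pcap, port):
    """Return a pcap holding only the packets with `port` on either side."""
    keep = [r for r, _, sp, _, dp in tcp_packets(pcap) if port in (sp, dp)]
    return pcap[:24] + b"".join(keep)

# Constructed flows; the last packet repeats the first connection.
SAMPLE = make_pcap([(40001, 80), (40002, 80), (40003, 25), (40004, 22),
                    (40005, 443), (40001, 80)])
if __name__ == "__main__":
    print(connections_by_port(SAMPLE, [22, 25, 80]), len(filter_port(SAMPLE, 80)))
```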