-----Original Message-----
From: fedora-list-request@xxxxxxxxxx [mailto:fedora-list-request@xxxxxxxxxx]
Sent: Wednesday, July 9, 2008 03:38 PM
To: fedora-list@xxxxxxxxxx
Subject: fedora-list Digest, Vol 53, Issue 75

Message: 5
Date: Wed, 09 Jul 2008 14:39:38 -0500
From: Kevin Martin <kevintm@xxxxxxxxxxxxx>
Subject: Re: tcpdump
To: For users of Fedora <fedora-list@xxxxxxxxxx>
Message-ID: <487513FA.9010809@xxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

tony.chamberlain@xxxxxxxxx wrote:
> I want to look at all the traffic coming to my web browser (192.168.5.191)
> (tomcat on port 80) using tcpdump.
>
> If I say tcpdump port 80
>
> that will get 80 coming and going.  Also if I say
> tcpdump dst port 80
> I will still get any traffic I have to other web sites.
>
> I thought tcpdump (dst port 80) and (dst host 192.168.5.191)
> would work but that does not seem to get anything.  I went to
> 192.168.5.191/~chamberl from another machine, got my web page
> but nothing in the tcp dump.
>
> What is the correct way to do this (all incoming to my web browser)?
> Theoretically besides 192.168.5.191 I would also like 127.0.0.1
>

Are you listening on the correct device?  I just tried:

    tcpdump dst port 22 and dst host 10.10.20.20

and didn't get anything but when I added the "-i <device>" that
10.10.20.20 is bound to then I got the correct information.

Kevin

==================================================

Actually it doesn't really matter I think.  On my machine it doesn't work
but it works fine on some other ones.  I want to monitor a different
machine anyway.

Here is a tcpdump/bash question though.  (The following works if I don't
use the port filter stuff).  I do something like this (I abbreviate it
here for space):

    while :
    do
        mytotlen=0
        nowdate=$(date +"%s")
        ((stopdate=nowdate+60))
        tcpdump -nne -i eth0 '(dst port 80)' and '(dst host 10.0.0.10)' |
        while [ $(date +"%s") -lt $stopdate ]
        do
            tim=""
            # I leave out some names in this message
            # to save space.  I actually read everything
            read -t4 tim ... length REST
            [ "$tim" != "" ] && ((mytotlen+=length))
        done
        echo "Total TCP length in the last minute is $mytotlen"
    done

The loop is executed fine (for debugging I print out the value of tim and
length).  Problem is, once the while loop is completed it locks up and
never echoes the total tcp length.  I think this is because the tcpdump
is still running and blocking.  I don't believe before the echo I could
put something like pkill tcpdump.  But what can I do to get this to work?

(Actually there is another problem here too that mytotlen inside the loop
is a local variable in a different scope than when I echo it but I solved
this by inside the loop echoing it to a file, and then reading the file
outside the loop, but that is irrelevant).

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
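
One way to get a per-minute total without the hang described in the last message, as an added example that is not part of the original thread: timeout(1) stops tcpdump itself after the interval, and awk does the summing so the total is not lost in a pipeline subshell. It assumes GNU coreutils timeout is available and that the wanted value is the frame length after the first "length" token of -e output; the function names and sample lines are constructed here.

```shell
#!/bin/bash
# Added example, not from the original thread.

# Sum the link-level frame length from `tcpdump -e` lines read on stdin.
# Assumption: the value wanted is the number after the first "length"
# token ("length 74:"), not the TCP payload length at the end of the line.
sum_lengths() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "length") { n = $(i + 1); sub(/:$/, "", n); total += n; break }
    }
    END { print total + 0 }'
}

# capture_total IFACE HOST [SECONDS]: capture traffic to HOST port 80 and
# print the byte total. timeout ends tcpdump after SECONDS, so the pipeline
# finishes even if no further packet arrives; -l line-buffers the output.
capture_total() {
    timeout "${3:-60}" tcpdump -l -nne -i "$1" \
        "dst port 80 and dst host $2" | sum_lengths
}

# Constructed sample lines in `tcpdump -nne` format, for an offline check.
sample_lines() {
    cat <<'EOF'
14:39:38.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 74: 10.0.0.5.51234 > 10.0.0.10.80: Flags [S], seq 1, win 64240, length 0
14:39:38.000420 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 66: 10.0.0.5.51234 > 10.0.0.10.80: Flags [.], ack 1, win 502, length 0
14:39:38.000910 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 483: 10.0.0.5.51234 > 10.0.0.10.80: Flags [P.], seq 1:418, ack 1, win 502, length 417
EOF
}

# Live use (needs root), e.g.: ./minute-total.sh --live eth0 10.0.0.10
if [ "${1:-}" = "--live" ]; then
    while :; do
        total=$(capture_total "$2" "$3" 60)
        echo "Total frame length in the last minute is $total"
    done
fi
```

Running `sample_lines | sum_lengths` exercises the parsing without root or a live interface.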