Howdy, > I don't know any way to do this with existing tools, but it would > presumably not be a particularly difficult task for a c programmer to > modify tcpdump for this purpose.
Know any good ones? :) > Depending how much speed you really need, this could also be done in perl > using Net::Pcap. Nope - it has to be done in C/C++.. no perl on the platform. :\ > snort might also be of interest. I'm not particularly familiar with it, > but it seems like the sort of thing I'd want it to do. That's not a bad idea - I'll have a poke around snort.. hmm.. but I think it uses libpcap as well.. danke.. //umar. > > tcpflow splits trafic by tcp stream. Not sure if that's useful to you. > > > Andrew > > > > On Mon, 23 Jun 2003, Umar Goldeli wrote: > > > Date: Mon, 23 Jun 2003 20:01:17 +1000 (EST) > > From: Umar Goldeli <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > > Subject: [SLUG] Tcpdump - multiple filters to multiple files? > > > > Howdy, > > > > How are we all? :) > > > > Here's an interesting question that I'm looking for a solution to - quite > > simply, is there a way to run tcpdump to capture different ip addresses > > and output them to different files without running multiple copies of > > tcpdump? > > > > Specifically - something along these lines: > > > > * A single tcpdump process captures packets with source or dest IP: > > 1.2.3.4 and outputs the results to 1.2.3.4.log whilst at the same time > > doing the same for 2.3.4.5 and 2.3.4.5.log respectively. > > > > Ideally - this scales to the 100 mark or so.. and FAST. > > > > I'm pretty sure this can't be done with tcpdump/libpcap - but is there > > another utility? > > > > If none exists - how hard would it be to code such a beast? Also - could > > it be coded portably so it could compile/run on Solaris etc? > > > > Looking forward to hearing your replies... > > > > Thanks in advance. :) > > > > Cheers, > > Umar. > > > > > > -- > > No added Sugar. Not tested on animals. If irritation occurs, > discontinue use. > > ------------------------------------------------------------------- > Andrew McNaughton In Sydney > Working on a Product Recommender System > [EMAIL PROTECTED] > Mobile: +61 422 753 792 http://staff.scoop.co.nz/andrew/cv.doc > > -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
