Jesse Kempf wrote:
Hi,
So tcpdump tends to jam up the terminal a bit when you try to dump on a
saturated gigabit link. I've added a -P option to tcpdump that lets you
specify a probability for tcpdump to print each packet. It uses
drand48() to figure out whether each packet captured should be printed.
Obviously this isn't the same thing as saying "print every Nth packet"
since this is a Bernoulli process and the expected value of the number
of printed packets is different.
The wording won't sound right... but what's the point? Just wanting to
watch pseudo-random subsets of the traffic? I'd think that if one
wanted to be tracing a gigabit link one would trace to a binary file and
post-process, or have a rather specific filter in place?
rick jones
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
