Hello List,

I'm new to tcpdump, so don't beat me if my question is too stupid, but I don't know how to succeed. I'd like to count the traffic from all the IP numbers used by my customers. The results that I need are the IP, the used port number and of course the traffic being produced. I'm running tcpdump on my firewall like this:

    tcpdump -t -f -q -n -i eth0 -v tcp

and this is the output of it:

    2:51:37.154713 192.168.0.3.39502 > 192.168.0.41.6000: tcp 4 (DF) (ttl 64, id 4464, len 56)
    12:51:37.154868 192.168.0.41.6000 > 192.168.0.3.39502: tcp 32 (DF) (ttl 64, id 48505, len 84)
    12:51:37.155375 192.168.0.3.39503 > 192.168.0.25.3389: tcp 61 (DF) (ttl 64, id 15357, len 113)
    12:51:37.157318 192.168.0.40.6000 > 192.168.0.3.39985: tcp 672 (DF) (ttl 64, id 43358, len 724)
    12:51:37.157354 192.168.0.3.39985 > 192.168.0.40.6000: tcp 1448 (DF) (ttl 64, id 43129, len 1500)

IP and ports are clear so far, but what is the traffic produced by each packet? I assume it is the value after "len", is it? I'm not sure of it, because when I transfer a file of 3,5 MB over ftp and count the "len" output from tcpdump and divide by 8/1024/1024, I get about 7,5 MB of traffic.

So my question is how to get the correct traffic count out of tcpdump.

Any help is really appreciated.

Hans-Juergen

-
This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
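Added example, not part of the original post or of tcpdump: a parser for the `-q -v` line format quoted above that totals traffic per flow and per host. It assumes `len` is the IP datagram length in bytes (headers plus data) and the number after `tcp` is the TCP data length in bytes, which fits the sample, where the two differ by 52 on every line. The names `account` and `per_host` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed input: the five lines quoted in the post, copied verbatim.
SAMPLE = """\
2:51:37.154713 192.168.0.3.39502 > 192.168.0.41.6000: tcp 4 (DF) (ttl 64, id 4464, len 56)
12:51:37.154868 192.168.0.41.6000 > 192.168.0.3.39502: tcp 32 (DF) (ttl 64, id 48505, len 84)
12:51:37.155375 192.168.0.3.39503 > 192.168.0.25.3389: tcp 61 (DF) (ttl 64, id 15357, len 113)
12:51:37.157318 192.168.0.40.6000 > 192.168.0.3.39985: tcp 672 (DF) (ttl 64, id 43358, len 724)
12:51:37.157354 192.168.0.3.39985 > 192.168.0.40.6000: tcp 1448 (DF) (ttl 64, id 43129, len 1500)
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
# The leading timestamp is optional because -t suppresses it.
LINE = re.compile(
    r"^(?:\S+\s+)?" + IP + r"\.(\d+) > " + IP + r"\.(\d+): tcp (\d+)\b.*\blen (\d+)\)"
)

def account(lines):
    """Return ({(src, sport, dst, dport): [packets, ip_bytes, payload_bytes]}, skipped)."""
    flows = defaultdict(lambda: [0, 0, 0])
    skipped = 0
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            skipped += 1          # not a TCP line in this format: count it, never guess
            continue
        src, sport, dst, dport, payload, ip_len = m.groups()
        entry = flows[(src, int(sport), dst, int(dport))]
        entry[0] += 1
        entry[1] += int(ip_len)   # assumed: bytes, IP header + TCP header + data
        entry[2] += int(payload)  # assumed: bytes of TCP data only
    return dict(flows), skipped

def per_host(flows):
    """Collapse flows to {ip: {"sent": ip_bytes, "received": ip_bytes}}."""
    hosts = defaultdict(lambda: {"sent": 0, "received": 0})
    for (src, _sport, dst, _dport), (_pkts, ip_bytes, _payload) in flows.items():
        hosts[src]["sent"] += ip_bytes
        hosts[dst]["received"] += ip_bytes
    return dict(hosts)

if __name__ == "__main__":
    flows, skipped = account(SAMPLE.splitlines())
    for ip, t in sorted(per_host(flows).items()):
        print(f"{ip:15} sent={t['sent']:6} B received={t['received']:6} B")
    print("unparsed lines:", skipped)
```

Under those assumptions the totals are bytes, so converting to MB needs only the division by 1024*1024; link-layer headers are in neither figure.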
