tcpdump mailing list archives
Re: [Patch] tcpdump probabilistic sampling
From: Rick Jones <rick.jones2 () hp com>
Date: Tue, 01 Apr 2008 17:40:58 -0700
Jesse Kempf wrote:
Hi,So tcpdump tends to jam up the terminal a bit when you try to dump on a saturated gigabit link. I've added a -P option to tcpdump that lets you specify a probability for tcpdump to print each packet. It uses drand48() to figure out whether each packet captured should be printed. Obviously this isn't the same thing as saying "print every Nth packet" since this is a Bernoulli process and the expected value of the number of printed packets is different.
The wording won't sound right... but what's the point? Just wanting to watch pseudo-random subsets of the traffic? I'd think that if one wanted to be tracing a gigabit link one would trace to a binary file and post-process, or have a rather specific filter in place?
rick jones - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- [Patch] tcpdump probabilistic sampling Jesse Kempf (Apr 01)
- Re: [Patch] tcpdump probabilistic sampling Rick Jones (Apr 01)
- Re: [Patch] tcpdump probabilistic sampling Jesse Kempf (Apr 01)
- Re: [Patch] tcpdump probabilistic sampling Bruce M Simpson (Apr 02)
- Re: [Patch] tcpdump probabilistic sampling Jesse Kempf (Apr 02)
- Re: [Patch] tcpdump probabilistic sampling Michael Richardson (Apr 02)
- Re: [Patch] tcpdump probabilistic sampling Ken Bantoft (Apr 02)
- Re: [Patch] tcpdump probabilistic sampling Jesse Kempf (Apr 02)
- Re: [Patch] tcpdump probabilistic sampling Guy Harris (Apr 14)
- Re: [Patch] tcpdump probabilistic sampling Michael Richardson (Apr 14)
- Re: [Patch] tcpdump probabilistic sampling Kris Katterjohn (Apr 14)
- Re: [Patch] tcpdump probabilistic sampling Milosz Marian Hulboj (Apr 02)
(Thread continues...)
- Re: [Patch] tcpdump probabilistic sampling Rick Jones (Apr 01)