tcpdump mailing list archives

Re: measure upload and download traffic ratio to specific port using tcpdump


From: Martin T <m4rtntns () gmail com>
Date: Fri, 28 Oct 2011 15:14:28 +0300

As a note to myself, one is able to configure filters in iptraf :P
However, if one would like to use tcpdump, then the following syntax
should work:

# tcpdump -w download-traffic.cap -ni fxp1 -s 0 'src host <remote_IP> and src port 3389' &
  tcpdump -w upload-traffic.cap -ni fxp1 -s 0 'src host <local_IP> and dst port 3389'

Later do:

[root@ ~]# ls -lh *.cap
-rw-r--r--  1 root  wheel    72K Oct 28 15:05 download-traffic.cap
-rw-r--r--  1 root  wheel    36K Oct 28 15:05 upload-traffic.cap
[root@ ~]#

Am I correct? Any other thoughts on this topic? And it seems to be
logical that upload traffic is smaller because only keyboard input,
cursor coordinates etc. are uploaded to the server..


regards,
martin



2011/10/27 Martin T <m4rtntns () gmail com>:
I would like to measure the ratio between download traffic and upload
traffic when using Windows Terminal Server (RDP; TCP port 3389). I
would use iptraf, but there are other connections over this interface
and I'm not able to disconnect this. Is it possible to measure
bandwidth usage with tcpdump? I tried this:

[root@ ~]# tcpdump -w download-traffic.cap -s 0 -ni eth1 src port 3389 &
           tcpdump -w upload-traffic.cap -s 0 -ni eth1 dst port 3389

..and later did:

[root@ ~]# ls -lh *traffic*
-rw-r--r--  1 root  wheel    68K Oct 27 14:35 download-traffic.cap
-rw-r--r--  1 root  wheel    38K Oct 27 14:34 upload-traffic.cap
[root@ ~]#

..but I'm not quite sure this is a correct way to do this. I mean
despite the "-s 0" option, I see only package headers saved into
download-traffic.cap and upload-traffic.cap files, but I need whole
packages saved..


regards,
martin

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
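
Added example, not part of the messages above: the size reported by ls for a .cap file includes a 24-byte file header plus a 16-byte record header per packet, so a per-direction byte count read from the capture itself is more exact than comparing file sizes. The sketch below generalizes the two-file approach to a single capture holding both directions. It assumes classic pcap format, Ethernet framing and IPv4; the function names and the sample frames are constructed for illustration.

```python
import struct

def direction_bytes(pcap, port=3389):
    """Return (download, upload) wire bytes: frames sent from / to TCP `port`."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # little-endian capture file
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # big-endian capture file
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled")
    down = up = 0
    off = 24                           # skip the 24-byte global header
    while off + 16 <= len(pcap):
        _sec, _usec, caplen, origlen = struct.unpack(end + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Keep only IPv4 (EtherType 0x0800) carrying TCP (protocol 6).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = 14 + (frame[14] & 0x0F) * 4   # IP header length varies
        if len(frame) < tcp + 4:
            continue
        sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
        # origlen is the on-the-wire size, so a short snaplen does not skew it.
        if sport == port:
            down += origlen
        elif dport == port:
            up += origlen
    return down, up

def _frame(sport, dport, payload_len):
    """Constructed Ethernet/IPv4/TCP frame (MACs zeroed, no checksums)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0, 0, 64, 6, 0,
                     b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + b"\x00" * payload_len

def sample_pcap():
    """Constructed capture: two server-to-client frames, one reply, one unrelated."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (_frame(3389, 50000, 1000), _frame(50000, 3389, 60),
              _frame(3389, 50000, 500), _frame(50000, 443, 200)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print("download, upload bytes:", direction_bytes(sample_pcap()))
```

To use it on a real capture, pass the file contents, for example direction_bytes(open("rdp.cap", "rb").read()), where rdp.cap is a placeholder name.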

