listening on multiple interfaces
Peter Van Epp
vanepp at sfu.ca
Tue Apr 30 15:58:10 EDT 2002
Two machines each with tcpdump on a single interface connected to the
Shomiti is what I've used in the past to do such things with tcpreplay (i.e.
be able to play back an FDX stream). If you need a single tcpdump file with
both sides, I expect a channel bonded Linux box would do the trick (i.e two
hundred NICs channel bonded together and fed to tcpdump is reputed to work
although I haven't yet tried it myself). If you also want/need to play it back
there are mods to do such for tcpreplay (and tcpreplay itself) on ftp.sfu.ca
in /pub/unix/tcpreplay .
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
>
>
> Hi Folks,
>
> I've gotten used to argus' ability to listen on multiple ports on the same
> machine. (we use the Shomiti Century taps which have 2 outputs, one for TX and
> one for RX.)
> Is anyone aware of a tool that can write tcpdump formatted output files but
> capture from two interfaces simultaneously? Failing that, I guess I could use
> or write a tool to multiplex two seperate tcpdump streams together..
>
> Any ideas?
>
> I need to capture some streams for analysis and the only format my tools
> understand is tcpdump capture files.
>
> Thanks..
>
>
> -JEff
>
>
More information about the argus
mailing list