To do the job what I need is basically
a) to bind a packet to the correct flow, hence knowing the tuple:
[src_ip, src_port, dst_ip, dst_port, transport]
b) to know the packet size (optionally the timestamp would help too,
but I can generate that independently).
That said, what could be the best way to accomplish the task?
I was planning on using a tcpdump-based sniffer, but it looks pretty
inefficient to export all packets to userspace, while the data is
probably there to be grabbed in some /proc subfolders or kernel structures.
I just need you to point me towards a
non-100%-load-CPU solution.
Thanks in advance and Merry Xmas,
R
libpcap + http://www.ntop.org/PF_RING.html
That is how ntop does it. I don't think you can do much better without writing a
kernel module.
Bye,
m.
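
An added example, not part of the original thread: the per-packet step the question describes (bind a frame to its 5-tuple and read the size to account), written so that it needs only the first bytes of each frame, as left by a short libpcap snapshot length. The names `flow_key` and `flow_from_frame` and the sample frame are constructed for illustration; it assumes untagged Ethernet carrying IPv4.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct flow_key {                   /* the 5-tuple, in host byte order */
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    uint8_t  proto;                 /* 6 = TCP, 17 = UDP */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) << 16 | rd16(p + 2); }

/* Parse an untagged Ethernet/IPv4 frame of which only caplen bytes were captured.
 * On success returns 0 and fills *key and *ip_len (IP total length, the size to
 * account). Returns -1 for non-IPv4, non-TCP/UDP, truncated or non-first-fragment. */
int flow_from_frame(const uint8_t *f, size_t caplen, struct flow_key *key, uint16_t *ip_len) {
    if (caplen < 14 + 20 || rd16(f + 12) != 0x0800) return -1;  /* EtherType IPv4 */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;      /* header length, options included */
    if ((ip[0] >> 4) != 4 || ihl < 20) return -1;
    if (ip[9] != 6 && ip[9] != 17) return -1;
    if (rd16(ip + 6) & 0x1fff) return -1;         /* later fragment: no L4 header */
    if (caplen < 14 + ihl + 4) return -1;         /* ports must lie inside the capture */
    memset(key, 0, sizeof *key);                  /* zero padding so keys can be hashed */
    key->proto = ip[9];
    key->src_ip = rd32(ip + 12);
    key->dst_ip = rd32(ip + 16);
    key->src_port = rd16(ip + ihl);
    key->dst_port = rd16(ip + ihl + 2);
    *ip_len = rd16(ip + 2);
    return 0;
}

/* Constructed sample: UDP 192.0.2.1:5353 -> 198.51.100.7:53, IP total length 60,
 * cut to its first 42 bytes as a short snapshot length would leave it. */
static const uint8_t SAMPLE[42] = {
    0x02,0,0,0,0,1, 0x02,0,0,0,0,2, 0x08,0x00,                     /* Ethernet */
    0x45,0x00,0x00,0x3c, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00, /* IPv4 */
    192,0,2,1, 198,51,100,7,
    0x14,0xe9, 0x00,0x35, 0x00,0x28, 0x00,0x00                     /* UDP */
};

int main(void) {
    struct flow_key k; uint16_t len;
    if (flow_from_frame(SAMPLE, sizeof SAMPLE, &k, &len) == 0)
        printf("%u -> %u proto %u: %u bytes\n", k.src_port, k.dst_port, k.proto, len);
    return 0;
}
```

In a libpcap callback, `caplen` corresponds to the `caplen` field of `struct pcap_pkthdr`; the size comes from the IP header rather than from the captured byte count, so truncating the capture does not distort the per-flow byte totals.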