how to print timestamp in output files for every message

[pavan...@gmail.com]

I am using tcpflow 1.3.0 version for CentOS 5 to capture tcp data on sockets and print tcp messages to files.  But I would like to see the time when the message is received/sent at the message level(not file level). Right now it is printing just the message  Is there an option to set ? If not can someone please suggest where I can make modifications in the code to include timestamps using time from the local linux server?

Thanks

[Simson Garfinkel]

What do you mean by "message level" ?  Are you referring to a particular TCP protocol?

On Feb 24, 2016, at 9:29 AM, pavan...@gmail.com wrote:

I am using tcpflow 1.3.0 version for CentOS 5 to capture tcp data on sockets and print tcp messages to files.  But I would like to see the time when the message is received/sent at the message level(not file level). Right now it is printing just the message  Is there an option to set ? If not can someone please suggest where I can make modifications in the code to include timestamps using time from the local linux server?

Thanks

--
You received this message because you are subscribed to the Google Groups "tcpflow-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tcpflow-user...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[pavan...@gmail.com]

The idea was to capture the tcp message and prepend it with current timestamp and log it to files.  I was able to achieve it.   But now I have another issue.  When I try to monitor the sockets on localhost it works even after giving the ip address of the server.  But when I run tcpflow to monitor sockets on remote server tcpflow is not working.

My tcpflow command is :

tcpflow -c -i any host 172.xx.xxx.111 and tcp dst portrange 1000-65000 and src portrange 1000-65000

If I run the above command from the same machine it works but if I run it from another server it does not work.  Can you please help me how to make this work?

thanks

[Simson Garfinkel]

Hi.

You are having problems with libpcap and basic packet capturing. I suggest you check your commands first using tcpdump. You can also capture the packets first using tcpdump and reassemble the tcp streams at a later point in time. That will provide the functionality you wish.

I'm sorry, but I cannot provide you with technical support regarding packet capture issues.

[pavan...@gmail.com]

Thank you for the input.  I have checked the tcpdump commands. It also can monitor local ports only.  It is not capturing the packets from the ports of a remote server.  So it looks like tcpdump/tcpflow cannot capture the data from ports of a remote server.  Only local ports can be monitored. My idea  was to install tcpflow on a different machine(Server #2) and monitor ports of a remote server(Server #1) from Server #2 so that Server #1 will not have the performance hit.

Thanks again