Hey all,
I could use some help with this...
I've got some serious space problems and I need to keep at least a
week's worth of tcpdump files (they're about 200 MB per day). I've
been storing the dump to my DAT and it's been just dandy doing so. I
use the dump in my little IPAUDIT-based suite (I'd "cat /dev/st0 |
filter.pl" and it would generate the stats I need for accounting in a
jiffy... kinda).
I've finally managed to spend a little more time on my little work of
art and came upon Ethereal and saw that it would be REALLY cool to see
the network traffic. Anyway, I've got a week's worth of DATs and some
really useful (for me at least) Ethereal filters but there's a
problem...
Question: Is there some way to make ethereal read tcpdump files from
STDIN?
I don't have that much HD space to dump the files from tape into a tmp
file and even if I didn't it would be redundant to do so, I've already
got it on tape anyway!
BTW, I dump the tcpdump output straight to the tape via:
tcpdump -s 65535 -w - "_my_expressions_" > /dev/st0
It's probably not what the purists would do but it gets my job done
with the least amount of annoyance. The recovery method that I use
is:
cat /dev/st0 | filter.pl
The EOF that the DAT places at the end of the file is enough to stop
the input flow; the filtering process runs slightly faster than my 6
MB/s DAT so I've never had any memory problems.
Thanks for the help - I'm stumped on this, I've tried every means I
know and it just doesn't work!
Thanks from Brazil,
Andre Kajita.
--
Andre Kajita - Network Administrator <admin@xxxxxxxxxxxxxxxxxxx>
Camara Municipal de Sao Jose dos Campos - SP
http://www.camarasjc.sp.gov.br
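
An added example, not part of the original post and not Ethereal or IPAUDIT code: a streaming reader for the classic pcap stream that `tcpdump -w -` writes, doing per-source byte accounting from a pipe with no temporary file and rejecting corrupt record lengths. It assumes Ethernet framing and a buffered binary stream such as `sys.stdin.buffer`; the function names are hypothetical and the sample capture is constructed.

```python
import io
import socket
import struct
from collections import Counter

def read_exact(stream, n):
    """Read n bytes from a buffered stream; b'' is clean EOF, a short read is an error."""
    buf = stream.read(n)
    if 0 < len(buf) < n:
        raise EOFError("stream ended in the middle of a record")
    return buf

def iter_packets(stream, max_caplen=65535):
    """Yield (orig_len, frame) one record at a time, never holding the whole capture."""
    hdr = read_exact(stream, 24)
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(hdr[:4])
    if end is None:
        raise ValueError("not a classic pcap stream")
    if struct.unpack(end + "I", hdr[20:24])[0] != 1:
        raise ValueError("this example only handles Ethernet (linktype 1)")
    while True:
        rec = read_exact(stream, 16)
        if not rec:
            return                      # the tape's EOF mark ends the stream here
        _sec, _usec, caplen, orig_len = struct.unpack(end + "4I", rec)
        if caplen > max_caplen:         # length comes from the stream: refuse, don't allocate
            raise ValueError("implausible caplen %d, stream is corrupt" % caplen)
        frame = read_exact(stream, caplen) if caplen else b""
        if len(frame) != caplen:
            raise EOFError("stream ended in the middle of a packet")
        yield orig_len, frame

def bytes_per_source(stream):
    """Sum on-the-wire bytes per IPv4 source address (Ethernet frames only)."""
    totals = Counter()
    for orig_len, frame in iter_packets(stream):
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            totals[socket.inet_ntoa(frame[26:30])] += orig_len
    return dict(totals)

def sample_capture():
    """Constructed two-record capture (frames cut to 34 bytes), for illustration only."""
    frame = bytes(12) + b"\x08\x00" + bytes(12) + socket.inet_aton("192.0.2.10") + bytes(4)
    recs = b"".join(struct.pack("<4I", 0, 0, len(frame), n) + frame for n in (1500, 60))
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + recs

if __name__ == "__main__":
    # For a real run, pass sys.stdin.buffer instead of the constructed sample.
    print(bytes_per_source(io.BytesIO(sample_capture())))
```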