start tcpdump log on high traffic

Claus-Theodor Riegg
November 25, 2015Software engineer at makandra GmbH

Logging tcpdump output all the time creates a huge amount of data: it fills the disk and is tiring to analyze. Instead, you can run a script in a screen session that reads the packet counters from /proc/net/dev, computes the number of packets transferred per second, and starts a tcpdump only when that number exceeds a fixed threshold. tcpdump then writes a fixed number of packets to a timestamped file, and the script waits five minutes before it starts sampling again.

#!/usr/bin/env bash

interface=eth0
dumpdir=/tmp            # captures contain raw payloads: prefer a directory only root can read
packet_threshold=5000   # received packets/s that triggers a capture
log_packets=100000      # packets written per capture file

# Needs root (or CAP_NET_RAW) for tcpdump; run it inside screen or tmux.
while true; do
  # /proc/net/dev lines look like "<iface>: <rx bytes> <rx packets> ...";
  # the second field after the colon is the number of received packets.
  pkt_old=$(grep "^ *$interface:" /proc/net/dev | cut -d : -f2 | awk '{ print $2 }')
  sleep 1
  pkt_new=$(grep "^ *$interface:" /proc/net/dev | cut -d : -f2 | awk '{ print $2 }')

  pkt=$(( pkt_new - pkt_old ))
  echo -ne "\r$pkt packets/s\033[0K"

  if [ "$pkt" -gt "$packet_threshold" ]; then
    echo -e "\n$(date) high traffic, starting a tcpdump"
    # -i: capture on the interface we measured; without it tcpdump picks its own default interface
    tcpdump -n -i "$interface" -s0 -c "$log_packets" -w "$dumpdir/dump.$(date +"%Y%m%d-%H%M%S").cap"
    echo "$(date) Packets dumped, sleeping now."
    sleep 300
  fi
done
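The same sampling logic, as an added example that is not the card's own script, factored into small functions so it can be tested against two constructed /proc/net/dev snapshots embedded below (sample data, not a real host). It picks the counters by field position in the /proc/net/dev line, counts both received and transmitted packets, treats a counter that went backwards (interface re-created, wraparound) as "no sample" rather than as a bogus rate, and passes the measured interface to tcpdump with -i. The function and variable names, the `--monitor` switch and the capture directory are this example's own choices.

```shell
#!/usr/bin/env bash
# Added example, not the card's own script: the sampling logic from the card,
# factored into small functions that can be tested offline.

# rx_tx_packets IFACE  (reads /proc/net/dev format from stdin)
# Prints "<rx_packets> <tx_packets>"; exit 1 if IFACE is not listed.
# After replacing the colon with a space, $1 is the name, $3 the received
# packets and $11 the transmitted packets of a /proc/net/dev line. This also
# handles names glued to a long counter ("eth0:9876543210 ...").
rx_tx_packets() {
  awk -v want="$1" '
    NR > 2 {
      sub(/:/, " ")
      if ($1 == want) { print $3, $11; found = 1 }
    }
    END { exit found ? 0 : 1 }'
}

# packet_delta OLD NEW: prints NEW-OLD; exit 1 if the counter went backwards.
packet_delta() {
  [ "$2" -ge "$1" ] || return 1
  echo $(( $2 - $1 ))
}

# packets_per_second "OLD_RX OLD_TX" "NEW_RX NEW_TX" SECONDS
# Prints the combined rx+tx packet rate; exit 1 on a counter reset or bad interval.
packets_per_second() {
  local old_rx old_tx new_rx new_tx d_rx d_tx
  old_rx=${1%% *}; old_tx=${1##* }
  new_rx=${2%% *}; new_tx=${2##* }
  [ "$3" -gt 0 ] || return 1
  d_rx=$(packet_delta "$old_rx" "$new_rx") || return 1
  d_tx=$(packet_delta "$old_tx" "$new_tx") || return 1
  echo $(( (d_rx + d_tx) / $3 ))
}

# above_threshold PPS THRESHOLD: exit 0 when a capture should start.
above_threshold() {
  [ "$1" -gt "$2" ]
}

# Two constructed /proc/net/dev snapshots taken one second apart (sample data,
# not a real host): eth0 received 4000 and sent 2000 packets in between.
SNAP_OLD='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  104000    1000    0    0    0     0          0         0   104000    1000    0    0    0     0       0          0
  eth0:9876543210 5000000    0    0    0     0          0         0 123456789  800000    0    0    0     0       0          0'
SNAP_NEW='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  104000    1000    0    0    0     0          0         0   104000    1000    0    0    0     0       0          0
  eth0:9877043210 5004000    0    0    0     0          0         0 123556789  802000    0    0    0     0       0          0'

# monitor IFACE THRESHOLD COUNT DIR: the loop from the card, built on the helpers.
# Needs root (or CAP_NET_RAW) for tcpdump; DIR should not be world-readable,
# since the capture files contain raw payloads.
monitor() {
  local iface=$1 threshold=$2 count=$3 dir=$4 old new pps
  while :; do
    old=$(rx_tx_packets "$iface" < /proc/net/dev) || { echo "no such interface: $iface" >&2; return 1; }
    sleep 1
    new=$(rx_tx_packets "$iface" < /proc/net/dev) || return 1
    pps=$(packets_per_second "$old" "$new" 1) || continue   # counter reset: skip this sample
    printf '\r%s packets/s\033[0K' "$pps"
    if above_threshold "$pps" "$threshold"; then
      printf '\n%s high traffic, starting a tcpdump\n' "$(date)"
      tcpdump -n -i "$iface" -s 0 -c "$count" -w "$dir/dump.$(date +%Y%m%d-%H%M%S).pcap"
      printf '%s packets dumped, sleeping now.\n' "$(date)"
      sleep 300
    fi
  done
}

# The loop only runs when asked for, so the helpers can be sourced or tested alone:
#   sudo ./watch-traffic.sh --monitor eth0 5000 100000 /var/tmp/captures
if [ "${1:-}" = "--monitor" ]; then
  monitor "${2:-eth0}" "${3:-5000}" "${4:-100000}" "${5:-/tmp}"
fi
```

On a live host the helpers are fed with `rx_tx_packets eth0 < /proc/net/dev`; with the embedded snapshots, `packets_per_second` reports 6000 packets/s for eth0 (4000 received plus 2000 sent), which is above the card's threshold of 5000 and would start a capture, while feeding the snapshots in reverse order is rejected as a counter reset.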
Posted by Claus-Theodor Riegg to makandra dev (2015-11-25 11:13)