However, for performance requirement, I cannot afford to let tcpdump output every single packet's payload and then look for HTTP GET.
I understand that many folks on this site recommends tcpdump as an alternative to tshark. Note that I need to analyse each packet on-the-fly, so ring buffer is not an option either. For example, if I run tshark for 10 minutes on my server, its RAM usage will reach 4GB (according to "top"). I just discovered that tshark's memory footprint keeps increasing (which has been extensively discussed on this site), which makes it unsuitable for long-term running (months). I need to see each data packet that is sent from the server:8080 to any client (most likely with a length of 1516 bytes).I need to identify packets that contain an HTTP GET request.The requirements that made me chose tshark are: The tshark command I'm using is: tshark -B 40 -i any -l -f tcp -t e -n -Y tcp.port=8080 The network topology is that dozens of clients request HTTP content from a server, and I'm running the program on the server:8080. Hi, I have developed a Java program, and one of its threads runs a tshark command and listens on its command-line output and performs analysis in real time.
0 kommentar(er)
