tcpdump: sending (collecting) capture data remotely
http://www.tcpdump.org/related.html
ECap
https://bitbucket.org/nathanj/ecap/wiki/Home
Ecap (external capture) is a distributed network sniffer with a web front-end.
Ecap was written many years ago in 2005, but a post on the tcpdump-workers mailing list requested a similar application… so here it is.
It would be fun to update it and work on it again if there’s any interest.
Tele Traffic Tapper
https://www2.sonycsl.co.jp/person/kjc/kjc/software.html#ttt
TTT: Tele Traffic Tapper
TTT is yet another descendant of tcpdump but it is capable of real-time, graphical, and remote traffic-monitoring. ttt won’t replace tcpdump, rather, it helps you find out what to look into with tcpdump. ttt monitors the network and automatically picks up the main contributors of the traffic within the time window. The graphs are updated every second by default.
https://www2.sonycsl.co.jp/person/kjc/kjc/software.html
Fprobe: a NetFlow export tool for Linux
Fprobe captures packets through libpcap and exports them in NetFlow format to an analysis host, which greatly simplifies network management and monitoring.
Run Fprobe to capture on eth0 and export NetFlow to 127.0.0.1:9995:
fprobe -i eth0 127.0.0.1:9995
On the collector side you can use Nfsen. To check whether NetFlow data is actually being exported:
tcpdump -i lo -nn port 9995
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 96 bytes
14:49:33.004041 IP 127.0.0.1.57368 > 127.0.0.1.9995: UDP, length 1464
14:49:43.006334 IP 127.0.0.1.57368 > 127.0.0.1.9995: UDP, length 1464
14:49:48.003252 IP 127.0.0.1.57368 > 127.0.0.1.9995: UDP, length 264
14:49:53.002271 IP 127.0.0
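The UDP payload lengths tcpdump prints above (1464 and 264) are exactly what a NetFlow v5 export produces: a 24-byte header followed by 30 or 5 fixed 48-byte flow records. The following Python is an added example, not code from fprobe or Nfsen; it assumes fprobe is exporting NetFlow v5 (its default version), makes that length check explicit, and decodes a v5 datagram constructed inline.

```python
import socket
import struct

# NetFlow v5 wire layout (assumed: fprobe's default export version):
# a 24-byte header followed by up to 30 fixed-size 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
V5_MAX_RECORDS = 30

def records_for_length(udp_payload_len: int):
    """Number of v5 records implied by a UDP payload length (as tcpdump prints it),
    or None if that length cannot be a well-formed v5 export datagram."""
    body = udp_payload_len - V5_HEADER.size
    if body < 0 or body % V5_RECORD.size:
        return None
    count = body // V5_RECORD.size
    return count if 0 < count <= V5_MAX_RECORDS else None

def build_v5_datagram(flows, sequence=0):
    """Construct a v5 datagram from (src, dst, sport, dport, proto, pkts, bytes) tuples.
    Only the fields this example decodes are filled in; the rest are zero."""
    hdr = V5_HEADER.pack(5, len(flows), 0, 0, 0, sequence, 0, 0, 0)
    recs = b"".join(
        V5_RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), b"\0\0\0\0", 0, 0,
                       pk, by, 0, 0, sp, dp, 0, 0, pr, 0, 0, 0, 0, 0, 0)
        for s, d, sp, dp, pr, pk, by in flows)
    return hdr + recs

def parse_v5_datagram(datagram: bytes) -> dict:
    """Parse one v5 datagram; reject any whose header disagrees with its size,
    which is the check a collector should make before trusting the record count."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count, _up, _secs, _nsecs, seq, *_rest = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version {version})")
    if records_for_length(len(datagram)) != count:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
                      "sport": r[9], "dport": r[10], "proto": r[13],
                      "packets": r[5], "bytes": r[6]})
    return {"sequence": seq, "flows": flows}

if __name__ == "__main__":
    # The two lengths from the tcpdump session above: 30 full records, then 5.
    print(records_for_length(1464), records_for_length(264))
```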