The UNIX and Linux Forums  

Posted 01-17-2008 by jinsunnyvale
tcpdump question

Hi, I got the following question regarding tcpdump and I would appreciate your help/feedback:

--Scenario
I am instructed to capture the network traffic by getting the tcpdump data/files of our network for every hour.

--Problem
Some of the connections are still open when the capture is done at the end of 30 minutes. How do I link these open connections in different tcpdump files?

--example
Connection A: 192.168.10.1:1686 --> 192.168.10.22:139
connection A starts: 12:25
connection A ends: 12:45
Data capture: 12:00-12:30 (file1), 12:30-1:00 (file2)

Will there be two connections (for connection A) -- one in file1, the other in file2? Will their connection start time be the SAME or DIFFERENT?

Please help!!

Thanks!!

Jay
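How connection A appears across the two rotated capture files, as an added example that is not part of the original post: tcpdump stores timestamped packets rather than connections, so the packets are split between file1 and file2 and can be rejoined on the address/port 4-tuple. The pcap bytes, the seconds-since-midnight timestamps and all function names are constructed for illustration; the code assumes classic little-endian pcap, Ethernet/IPv4 framing, and no later connection reusing the same 4-tuple.

```python
import socket, struct

SYN, FIN, RST = 0x02, 0x01, 0x04

def make_pcap(packets):
    """Build a constructed pcap from (ts, src, sport, dst, dport, flags)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, src, sp, dst, dp, flags in packets:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        tcp = struct.pack("!HHIIBBHHH", sp, dp, 0, 0, 0x50, flags, 8192, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield (ts, src, sport, dst, dport, flags) for each TCP/IPv4 packet."""
    off = 24                                    # skip the global header
    while off + 16 <= len(data):
        ts, _, caplen, _ = struct.unpack_from("<IIII", data, off)
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                            # not IPv4/TCP
        tcp = 14 + (pkt[14] & 0x0F) * 4         # IP header length varies
        if len(pkt) < tcp + 14:
            continue                            # truncated by snaplen
        sport, dport = struct.unpack_from("!HH", pkt, tcp)
        yield (ts, socket.inet_ntoa(pkt[26:30]), sport,
               socket.inet_ntoa(pkt[30:34]), dport, pkt[tcp + 13])

def link_connections(captures):
    """Merge packets from several files into one record per 4-tuple."""
    conns = {}
    for name, data in captures:
        for ts, src, sp, dst, dp, flags in read_pcap(data):
            key = tuple(sorted([(src, sp), (dst, dp)]))   # both directions
            c = conns.setdefault(key, {"start": ts, "end": ts, "files": [],
                                       "syn": False, "closed": False})
            c["start"], c["end"] = min(c["start"], ts), max(c["end"], ts)
            if name not in c["files"]:
                c["files"].append(name)
            c["syn"] |= bool(flags & SYN)
            c["closed"] |= bool(flags & (FIN | RST))
    return conns

# Constructed sample: connection A, seconds since midnight (12:25 to 12:45)
A, B = ("192.168.10.1", 1686), ("192.168.10.22", 139)
FILE1 = make_pcap([(44700, *A, *B, SYN), (44700, *B, *A, 0x12), (44990, *A, *B, 0x10)])
FILE2 = make_pcap([(45010, *A, *B, 0x18), (45900, *A, *B, 0x11)])
```

Read on its own, file2 holds no SYN for connection A and its earliest packet is timestamped after 12:30; only the merged record recovers the 12:25 start.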