Score:0

How to set tcpdump sample rate


I would like to be able to use tcpdump (or a similar tool) to log traffic on a busy host, but instead of logging every packet that passes my IP/host/port/etc. filters, only log with some specified sampling rate, e.g. at most one packet per second or every nth packet.

Looking at the tcpdump options, the closest to my goal that I see is to use the -c option, which makes tcpdump quit after x packets are captured, in conjunction with cron. This wouldn't give me exactly what I want, as say with -c 100 I might still get 100 packets in a single second, then nothing until cron starts a new instance of tcpdump, and it would also create a new log file for every tcpdump instantiation (say one file every 5 seconds if I set cron to start tcpdump every 5 seconds). Acceptable, but not ideal.

Is there some better alternative I am missing? tcpdump version 5.0.0-PRE-GIT appears to have a --print-sampling nth option ( https://www.tcpdump.org/manpages/tcpdump.1.html ) that looks promising, but I can't find any download location for v5.0; the latest version available on my system is 4.99.
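Added example, not part of the original question and not tcpdump's own code: one way to get both kinds of sampling the question describes (every nth packet, at most one packet per interval) is to filter the classic pcap stream that tcpdump writes with -w. The script name sample.py, the function names and the sample capture are constructed for this illustration; pcapng input is not handled.

```python
import io
import struct
import sys

# On-disk magic -> (struct byte order, timestamp ticks per second)
MAGICS = {b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
          b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9)}

def sample_pcap(src, dst, nth=1, min_interval=0.0):
    """Copy a classic pcap stream from src to dst, keeping every nth packet
    and at most one packet per min_interval seconds (capture timestamps).
    src must be a buffered binary reader (short reads only at EOF)."""
    ghdr = src.read(24)
    if len(ghdr) < 24 or ghdr[:4] not in MAGICS:
        raise ValueError("not a classic pcap stream (pcapng is not handled)")
    order, ticks = MAGICS[ghdr[:4]]
    dst.write(ghdr)  # global header is passed through unchanged
    seen = kept = 0
    last_kept = None
    while rhdr := src.read(16):
        if len(rhdr) < 16:
            raise EOFError("truncated record header")
        sec, sub, incl_len, _orig_len = struct.unpack(order + "IIII", rhdr)
        data = src.read(incl_len)
        if len(data) < incl_len:
            raise EOFError("truncated packet data")
        seen += 1
        ts = sec * ticks + sub  # integer ticks, avoids float rounding
        too_soon = last_kept is not None and ts - last_kept < min_interval * ticks
        if seen % nth or too_soon:
            continue
        dst.write(rhdr + data)
        last_kept, kept = ts, kept + 1
    return seen, kept

def constructed_capture(n=10, step_usec=250_000):
    """Constructed sample input: n 4-byte packets, step_usec apart."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i in range(n):
        sec, usec = divmod(i * step_usec, 10**6)
        out += struct.pack("<IIII", 1_700_000_000 + sec, usec, 4, 4)
        out += struct.pack("<I", i)
    return out

if __name__ == "__main__":
    if len(sys.argv) > 1:  # tcpdump -U -w - <filter> | python3 sample.py 100 > out.pcap
        sample_pcap(sys.stdin.buffer, sys.stdout.buffer, nth=int(sys.argv[1]))
    else:                  # no arguments: run on the constructed sample
        print(sample_pcap(io.BytesIO(constructed_capture()), io.BytesIO(), nth=3))
```

The capture filter still runs inside tcpdump, so only packets that already match it reach the sampler, and the output stays a single pcap file readable with tcpdump -r.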
