tcprstat

Support pcap filter expressions

Bug #632489 reported by Kristian Köhntopp
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tcprstat
New
Undecided
Unassigned

Bug Description

I have a SPAN port where 3 different master databases have their traffic replicated. If I could listen to the span port by specifying the interface, I'd still need to be able to select traffic with an expression such as 'port 3306 and host one-masters-hostname'. This would also make the --port option obsolete.

Revision history for this message
Baron Schwartz (baron-xaprb) wrote :

Ignacio, how hard is it to add support for expressions like tcpdump? If we could do that, then the tool would be more familiar and easier to use, in my opinion.

summary: - mission option to give pcap filter expression
+ Support pcap filter expressions
Revision history for this message
Baron Schwartz (baron-xaprb) wrote :

I think that if we have arbitrary support for pcap expressions, it's hard to specify how the tool should decide what is inbound and what is outbound (what's a request vs a response), so it's hard to understand how to measure the response times then. I am interested in anyone's ideas about this.

Revision history for this message
Kristian Köhntopp (kris-launchpad) wrote :

The -l option makes it pretty clear what is local.

You could also collect the addresses from all local interfaces (that may be very many) and build the -l list from these.

Revision history for this message
Baron Schwartz (baron-xaprb) wrote :

It's a pretty painful thought to consider a web server that is connecting to 50 database servers, and discovering all those and typing in their IPs. Maybe we should have a -r option that specifies to reverse the local-ness: all the IP addresses specified in -l, or gathered by looking at the local devices, are considered to be remote, i.e. the source of requests, not the target of the requests.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.