I need a service-monitor-application that works by sniffing the traffic between a user and a server that offers a service.
The point is to detect a specific request to the server from the user, and then detect the related response from the server to the user. By this it should be possible to register the response-time of the server, without forcing unnecessary test-traffic on the server.
Does anyone know an application that would be able to do this?
Is the traffic TCP or UDP? Anyway, try any general packet sniffer, I use Wireshark and it is enough for your task (as you describe it). It will give you list of packets; you can first have only packets which go to the IP address of the server and have correct port number. If the protocol is known to Wireshark you can filter on its field, else "data contains .. " can help you with further filtering. Then I hope it is reasonable to assume that you are in the place you need - you can now add filter on client port also and have the traffic of this conversation for inspection.
offhand i'm not aware of anything tailor made for this purpose... well actually I do if you have $60,000 to spare... http://f5.com but in the GPL world, you can probably just use something like ngrep. this will let you watch packets and grep against the payload for whatever. i guess you could run two instances, each watching traffic in different directions for different strings and write the data to a log file for interpretation or such?
ngrep could seem like a part of the solution to my problem. It seems like I would have to do some work to make it a solution to my challenge, but it might be possible.
The collected data would also have to be updated to a database in order to generate day/week/month statistics on the provided service.
Any ideas for a solution to this?
I think that Wireshark could be a help, but not a part of the solution since I need data-collection and not data-analysis.
The question is still open but for now thanks for your replies...
well it depends how you want to control this database... if you just want to store the events to a table rather than a file, then it's easy to pipe data from ngrep into the mysql or postgresql client... a slightly slicker development would probably be to log the data to syslog and then use a decent syslog engine like syslog-ng to take care of putting the data into a database. what you then do with that data is your own business...
thinking about it now, instead of ngrep, you might prefer to look at the string module for iptables which will also give you the ability to notice strings of data as they fly through the box. just use the LOG target and instantly they're off to syslog, where, as above, you can push them wherever you want. http://www.securityfocus.com/infocus/1531
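The pairing and storage step discussed in this thread, as an added example that is not code from any of the posters: it matches each marked request to the next marked response on the same client flow, records the response time, and aggregates per day. The record format, addresses and marker strings are constructed for illustration, and SQLite stands in for the MySQL/PostgreSQL database mentioned above; output from a real capture tool would first have to be converted to this record shape.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed sample records: "<epoch seconds> <src ip:port> <dst ip:port> <payload>"
SAMPLE = """\
1700000000.100 10.0.0.5:40001 10.0.0.1:80 GET /status HTTP/1.1
1700000000.150 10.0.0.6:40002 10.0.0.1:80 GET /status HTTP/1.1
1700000000.350 10.0.0.1:80 10.0.0.5:40001 HTTP/1.1 200 OK
1700000000.400 10.0.0.5:40001 10.0.0.1:80 GET /other HTTP/1.1
1700000000.900 10.0.0.1:80 10.0.0.6:40002 HTTP/1.1 200 OK
1700000001.000 10.0.0.1:80 10.0.0.9:40009 HTTP/1.1 200 OK
1700090000.000 10.0.0.7:40003 10.0.0.1:80 GET /status HTTP/1.1
"""

SERVER = "10.0.0.1:80"      # assumed service endpoint
REQ_MARK = "GET /status"    # assumed string identifying the monitored request
RESP_MARK = "HTTP/1.1 200"  # assumed string identifying the related response

def measure(lines, db):
    """Pair each marked request with the next marked response on the same flow."""
    db.execute("CREATE TABLE IF NOT EXISTS rt (day TEXT, client TEXT, ms REAL)")
    pending = {}  # client ip:port -> timestamp of its first unanswered request
    for line in lines:
        parts = line.split(" ", 3)
        if len(parts) < 4:
            continue  # skip blank or malformed records
        ts, src, dst, payload = float(parts[0]), parts[1], parts[2], parts[3]
        if dst == SERVER and REQ_MARK in payload:
            pending.setdefault(src, ts)  # a retransmit keeps the first timestamp
        elif src == SERVER and RESP_MARK in payload and dst in pending:
            start = pending.pop(dst)
            day = datetime.fromtimestamp(start, timezone.utc).strftime("%Y-%m-%d")
            db.execute("INSERT INTO rt VALUES (?, ?, ?)",
                       (day, dst, (ts - start) * 1000))
    return pending  # requests that never received a matching response

def daily_stats(db):
    """Return [(day, samples, avg_ms, max_ms)] for day-level reporting."""
    q = ("SELECT day, COUNT(*), ROUND(AVG(ms), 1), ROUND(MAX(ms), 1) "
         "FROM rt GROUP BY day ORDER BY day")
    return db.execute(q).fetchall()

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    unanswered = measure(SAMPLE.splitlines(), conn)
    print(daily_stats(conn), unanswered)
```

Requests left in the returned dictionary are worth reporting separately, since an unanswered request is a service failure that an average response time would hide.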