Saturday, January 29, 2011

tcpdump filter according to http header content

Hello, using tcpdump I would like to filter the responses that come back from a Squid cache server down to only the responses that came from the cache. That means I need to filter according to the X-CACHE header value: if its value is HIT, I should show it; otherwise the response is not from the cache. Any idea what my tcpdump filter should be?

  • It appears tcpdump can only match packet content for certain bytes, not arbitrarily search a packet for a string. Look at this advanced filter list for some guidance.

    A workaround: if you add -s0 -A -w - (show entire packets, ASCII, write to standard output) to your tcpdump params, you can then use grep with some context to show only the packets where X-Cache: HIT appears.

    : Won't help me, since I wrote my own program using the pcap lib that listens on my interfaces and uses the same filters as tcpdump does; once I have the correct filter in tcpdump, I'll use it in my own program. I can't do grep inside my program or parse the packet content myself, since it badly hurts my performance. I was wondering if the tcpdump.
    From crb
  • Have you considered using ngrep instead of tcpdump?

    : No can do. The problem is that I am not using tcpdump; I am using my own executable that uses pcap to monitor the traffic. In my own executable I can use the same filter as I use in tcpdump. ngrep or any other greps won't help me.
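As an added example (not part of the original thread or either answer) of the grep-style workaround from the first answer: a small shell function that post-processes the ASCII dump produced by `tcpdump -s0 -A` and prints only the packets whose payload carries an X-Cache: HIT header, using awk to keep each packet together instead of relying on grep context lines. The sample dump below is constructed to resemble tcpdump's ASCII output for two Squid responses; the interface, addresses, port and payload details are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original answer or from tcpdump/Squid.
# Reads `tcpdump -s0 -A` output on stdin. Each packet record starts with a
# timestamp line (HH:MM:SS.micros); the ASCII payload follows. A record is
# buffered until the next timestamp line and printed only if one of its
# lines is an X-Cache header whose value starts with HIT.
show_cache_hits() {
    awk '
        /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]+ / {   # start of a new packet record
            if (hit) printf "%s", buf
            buf = ""; hit = 0
        }
        { buf = buf $0 "\n" }                              # accumulate the current record
        tolower($0) ~ /^x-cache: hit/ { hit = 1 }          # Squid emits "X-Cache: HIT from <host>"
        END { if (hit) printf "%s", buf }                  # flush the last record
    '
}

# Constructed sample of tcpdump -A output (assumed proxy 10.0.0.1:3128):
# one response served from cache (HIT) and one fetched from origin (MISS).
SAMPLE_DUMP='12:00:00.000100 IP 10.0.0.1.3128 > 10.0.0.2.40000: Flags [P.], seq 1:200, ack 1, length 199
E..<..@.@..
HTTP/1.1 200 OK
Content-Type: text/html
X-Cache: HIT from proxy.example.net
Content-Length: 5

hello
12:00:00.000200 IP 10.0.0.1.3128 > 10.0.0.2.40001: Flags [P.], seq 1:190, ack 1, length 189
E..<..@.@..
HTTP/1.1 200 OK
Content-Type: text/html
X-Cache: MISS from proxy.example.net
Content-Length: 5

world
'

# Convenience wrapper for the constructed sample: returns the number of
# packet records that survived the filter (expected: 1).
count_sample_hits() {
    printf '%s' "$SAMPLE_DUMP" | show_cache_hits | grep -c '^[0-9][0-9]:[0-9][0-9]:'
}

# Stand-alone demo: prints only the HIT packet.
printf '%s' "$SAMPLE_DUMP" | show_cache_hits
```

Live use would be `tcpdump -l -s0 -A -i eth0 'tcp and src port 3128' | show_cache_hits` (the `-l` flag line-buffers tcpdump's stdout so the pipe does not stall). A BPF prefilter such as `tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x48545450` can cut the stream down to segments whose payload begins with "HTTP", since BPF can compare bytes at a computed offset; but the X-Cache header sits at a variable offset inside the response, which is exactly what BPF cannot search for and why the string matching has to happen after capture. The filter above only flags the segment that carries the header; a response split across several TCP segments will have its body in segments this function does not print.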
