       -C #    When using the -o option above, start a new pcap file when
               the old one reaches about # times the size of the ring
               buffer.  The default value is 10 and the default ring buffer
               size is 100MB, so by default pcap files will grow to about
               1000MB before a new one is started.  Since some programs read
               an entire pcap file into memory when using it, splitting the
               output into chunks can be helpful.

       -W #    Specifies a maximum number of pcap files to create before
               overwriting them.  The default is to never overwrite them.
               This option allows capturing indefinitely (waiting for a
               problem to occur) with finite disk space.

OTHER OPTIONS
       -B      This option is of academic interest only.  It enables code to
               check before each write whether select(2) thinks the write
               would block.  When Gulp exits, it announces whether any writes
               would have blocked.  On Linux, no matter how long writes to
               disk actually take, select(2) never says they will block.  If
               you pipe the output of Gulp through cat before writing to
               disk, select will detect that writes to the pipe would block.

       -Y      This option is of academic interest only.
               Writes which would block are deferred until select(2) says
               they won't block.

EXAMPLES
       In the examples below, the ellipsis (...) refers to Berkeley Packet
       Filter (pcap) expressions, such as "host foo".

       1) reduce packet loss of a tcpdump packet capture:
          (gulp -c works in any pipeline as it does no data interpretation)

              tcpdump -i eth1 -w - ... | gulp -c > pcapfile

          or if you have more than 2 CPUs, run tcpdump and gulp on
          different CPUs:

              taskset -c 2 tcpdump -i eth1 -w - ... | gulp -c > pcapfile

          (gulp uses CPUs #0,1 so use #2 for tcpdump to reduce interference)

       2) same as above but more efficiently, using gulp itself to capture:

              gulp -i eth1 -f "..." > pcapfile

       3) capture and decapsulate an ERSPAN feed and save the result to disk:

              gulp -i eth1 -d > pcapfile

       4) capture, decapsulate and then filter with tcpdump before saving:

              gulp -i eth1 -d | tcpdump -r - -s0 -w pcapfile ...

          or if you have more than 2 CPUs:

              gulp -i eth1 -d | taskset -c 2 tcpdump -r - -s0 -w pcapfile ...

       5) capture everything to disk; then decapsulate offline:

              gulp -i eth1 > pcapfile1; gulp -d -i - < pcapfile1 > pcapfile2

       6) capture, decapsulate and then filter with ngrep:

              gulp -i eth1 -d | ngrep -I - -O pcapfile regex ...

       7) capture, decapsulate and feed into ntop:

              gulp -i eth1 -d | ntop -f /dev/stdin -m a.b.c.d/x ...

          or if using ntop's -u flag:

              mkfifo pipe; chmod 644 pipe        # the first time only
              gulp -i eth1 -d > pipe & ntop -u ntop -f pipe -m a.b.c.d/x ...

       8) capture, decapsulate and feed into Wireshark:

              gulp -i eth1 -d | /usr/sbin/wireshark -i - -k

       9) capture to 1000MB files, keeping just the most recent 10 (files):

              gulp -i eth1 -C 10 -W 10 -o pcapdir

          or with help from tcpdump:

              gulp -i eth1 | taskset -c 2 tcpdump -r - -C 1000 -W 10 -w pcapname

BUGS
       On some systems, one interrupt may not break out of the pcap library's
       inner packet capture loop (if no packets arrive matching the filter
       expression).  In that case, a second interrupt should do the trick.

       On a busy network, Gulp may drop a few packets at startup while it is
       initializing.  This makes Gulp look bad but is probably not a problem
       in practice.

AUTHOR
       Written by Corey Satten, corey @ u.washington.edu
       See http://staff.washington.edu/corey/gulp/ for more information and
       the latest version.
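       The -C/-W description above points out that some programs read an
       entire pcap file into memory, which is why a long-running capture is
       split into a rotated set of files (example 9).  The natural consumer
       of such a directory is a tool that streams each file record by record
       instead.  The script below is an added example written for this page;
       it is not part of Gulp and does not come from the Gulp manpage.  It
       only relies on the pcap file format (24-byte global header, 16-byte
       record header, the four magic numbers for byte order and
       micro/nanosecond timestamps).  Gulp's naming scheme for rotated files
       is not given in this manpage, so the script simply processes files in
       filename order; the sample files it reads are constructed in a
       temporary directory by the script itself.

```python
"""Stream a directory of rotated pcap files (e.g. from gulp -C/-W -o pcapdir)
record by record, without loading any file into memory.  Added example; not
part of Gulp.  Assumes the rotated files can be processed in filename order
(gulp's naming scheme is not specified in the manpage)."""
import os
import struct
import tempfile
from typing import Dict, Iterator, List, Tuple

GLOBAL_HDR_LEN = 24   # pcap file header: magic, version, tz, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16   # per-packet header: ts_sec, ts_frac, caplen, origlen

# Magic number as read little-endian -> (struct byte order, timestamp divisor)
MAGICS = {
    0xA1B2C3D4: ("<", 1_000_000),       # little-endian file, microsecond timestamps
    0xD4C3B2A1: (">", 1_000_000),       # big-endian file, microsecond timestamps
    0xA1B23C4D: ("<", 1_000_000_000),   # little-endian file, nanosecond timestamps
    0x4D3CB2A1: (">", 1_000_000_000),   # big-endian file, nanosecond timestamps
}


class TruncatedPcap(Exception):
    """File ends in the middle of a record: the writer was killed mid-write."""


def iter_records(path: str) -> Iterator[Tuple[float, int, int, int, bytes]]:
    """Yield (timestamp, caplen, origlen, linktype, data) for each complete record.

    One record is read at a time, so memory use is bounded by snaplen, not by
    the size of the file."""
    with open(path, "rb") as f:
        hdr = f.read(GLOBAL_HDR_LEN)
        if len(hdr) < GLOBAL_HDR_LEN:
            raise TruncatedPcap(f"{path}: incomplete global header")
        magic = struct.unpack("<I", hdr[:4])[0]
        if magic not in MAGICS:
            raise ValueError(f"{path}: not a pcap file (magic {magic:#010x})")
        order, ts_div = MAGICS[magic]
        _major, _minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(order + "HHiIII", hdr[4:])
        while True:
            rh = f.read(RECORD_HDR_LEN)
            if not rh:
                return                              # clean end of file
            if len(rh) < RECORD_HDR_LEN:
                raise TruncatedPcap(f"{path}: partial record header at EOF")
            ts_sec, ts_frac, caplen, origlen = struct.unpack(order + "IIII", rh)
            if caplen > snaplen:
                raise ValueError(f"{path}: caplen {caplen} exceeds snaplen {snaplen}")
            data = f.read(caplen)
            if len(data) < caplen:
                raise TruncatedPcap(f"{path}: partial packet data at EOF")
            yield ts_sec + ts_frac / ts_div, caplen, origlen, linktype, data


def summarize_dir(directory: str) -> Dict[str, int]:
    """Walk the rotated files in name order; count packets and captured bytes,
    and note how many files were cut off mid-record (only the newest should be)."""
    stats = {"files": 0, "packets": 0, "bytes": 0, "truncated_files": 0}
    for name in sorted(os.listdir(directory)):
        stats["files"] += 1
        try:
            for _ts, caplen, _orig, _lt, _data in iter_records(os.path.join(directory, name)):
                stats["packets"] += 1
                stats["bytes"] += caplen
        except TruncatedPcap:
            stats["truncated_files"] += 1
    return stats


def write_pcap(path: str, records: List[Tuple[int, int, bytes]],
               order: str = "<", nano: bool = False) -> None:
    """Write a constructed pcap file (linktype 1 = Ethernet, snaplen 65535)."""
    magic = 0xA1B23C4D if nano else 0xA1B2C3D4
    with open(path, "wb") as f:
        f.write(struct.pack(order + "IHHiIII", magic, 2, 4, 0, 0, 65535, 1))
        for ts_sec, ts_frac, payload in records:
            f.write(struct.pack(order + "IIII", ts_sec, ts_frac, len(payload), len(payload)))
            f.write(payload)


def demo() -> Dict[str, int]:
    """Build three constructed rotated files (the last one cut off mid-record,
    as a capture killed during a write would be) and summarize them."""
    d = tempfile.mkdtemp(prefix="gulp-pcaps-")
    write_pcap(os.path.join(d, "cap-000.pcap"),
               [(1700000000, 10, b"\x00" * 60), (1700000001, 20, b"\x11" * 100)])
    write_pcap(os.path.join(d, "cap-001.pcap"),
               [(1700000002, 30, b"\x22" * 80)], order=">", nano=True)
    cut = os.path.join(d, "cap-002.pcap")
    write_pcap(cut, [(1700000003, 0, b"\x33" * 40)])
    with open(cut, "r+b") as f:
        f.truncate(GLOBAL_HDR_LEN + RECORD_HDR_LEN + 10)   # keep 10 of 40 payload bytes
    return summarize_dir(d)


if __name__ == "__main__":
    print(demo())   # {'files': 3, 'packets': 3, 'bytes': 240, 'truncated_files': 1}
```

       A partial final record is expected after an interrupted capture (see
       BUGS above for the interrupt behaviour); the reader reports it rather
       than crashing, while a caplen larger than snaplen is treated as
       corruption and raised as an error.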
       This manpage corresponds to Gulp version 1.58.

COPYRIGHT
       Copyright (C) 2007 University of Washington

LICENSE
       Licensed under the Apache License, Version 2.0 (the "License"); you
       may not use this file except in compliance with the License.  You may
       obtain a copy of the License at

              http://www.apache.org/licenses/LICENSE-2.0

       Unless required by applicable law or agreed to in writing, software
       distributed under the License is distributed on an "AS IS" BASIS,
       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
       implied.  See the License for the specific language governing
       permissions and limitations under the License.

SEE ALSO
       tcpdump(8), wireshark(1), ngrep(8), tcptrace(1), tcpflow(1), ntop(8),
       taskset(1) and pcap(3).

Gulp 1.0                          Jun 2007                            GULP(1)
</PRE></BODY></HTML>