tcpflow icon indicating copy to clipboard operation
tcpflow copied to clipboard
verified publisher icon simsong

[enhancement request] add functionality similar to "tcpdump -c count"

Open christias opened this issue 11 years ago • 3 comments

Hello,

We usually use tcpflow in our transparent proxy during DDoS attacks in order to understand the nature of the attacks. In such cases having an option like the "-c count" of tcpdump would help us a lot.

Thank you, Panos

christias avatar Mar 21 '14 11:03 christias

Sure. What would you like the option to do? DO you want to implement it?

On Mar 21, 2014, at 7:04 AM, christias [email protected] wrote:

Hello,

We usually use tcpflow in our transparent proxy during DDoS attacks in order to understand the nature of the attacks. In such cases having an option like the "-c count" of tcpdump would help us a lot.

Thank you, Panos

— Reply to this email directly or view it on GitHub.

simsong avatar Mar 21 '14 12:03 simsong

It would exit tcpflow after receiving a specified number of packets or number of flows etc. More or less like taking a traffic sample and without requiring human intervention.

I could try implementing it, time permitting.

christias avatar Mar 21 '14 14:03 christias

-c is already used for another option.

On Mar 21, 2014, at 7:04 AM, christias [email protected] wrote:

Hello,

We usually use tcpflow in our transparent proxy during DDoS attacks in order to understand the nature of the attacks. In such cases having an option like the "-c count" of tcpdump would help us a lot.

Thank you, Panos

— Reply to this email directly or view it on GitHub.

simsong avatar Mar 22 '14 00:03 simsong