tcpdump的侵入性如何? [英] How intrusive is tcpdump?

问题描述

我环顾四周，以查找有关tcpdump内部的文档，但是我什么都没找到.所以我的问题是计算机上tcpdump的侵入性如何.如何评估专用于流量分析的资源量(内存或cpu)?

I look around to find a documentation on tcpdump internals, but I did not found nothing yet. So my question is how intrusive is tcpdump on a computer. How to evaluate the amount of resources (memory or cpu) dedicated for the analysis of the traffic?

推荐答案

据我所读，tcpdump会根据您的要求使用它，这有点像变量.

As far as I read, tcpdump consume it's kinda variable depending what you're asking.

要查看您的tcpdump进程消耗了多少资源，只需观看系统监视器，例如top 高级手册.

To see how many resources your tcpdump process consumes just watch system monitor like top Top Manual.

如果网络流量很大，

tcpdump的输出可能会很大. 表达式定义为高带宽；特别是如果你是 捕获的数据包内容超过默认的68字节.

tcpdump output can be considerable if the network traffic your expression defines is high bandwidth; particularly if you are capturing more than the default 68 Bytes of packet content.

例如，捕获与大文件传输或传输相关的数据包 数以千计的客户端正在积极使用Web服务器 将产生大量的输出.如果写这个输出 到stdout，您可能无法在您的计算机中输入命令 终端，如果要写入文件，则可能会耗尽主机的磁盘空间. 无论哪种情况，tcpdump都可能会消耗大量CPU 和内存资源.

Capturing packets, for example, related to a large file transfer or a web server being actively used by hundreds or thousands of clients will produce an overwhelming amount of output. If writing this output to stdout you will probably be unable to enter commands in your terminal, if writing to a file you may exhaust the host’s disk space. In either case tcpdump is also likely to consume a great deal of CPU and memory resources.

为避免这些问题；

• 在指定表达式时要非常小心，并尝试使其尽可能具体.
• 在流量/负载大的时候不要捕获.
• 如果要捕获整个数据包内容，请执行一次测试捕获，仅首先捕获默认的68Bytes并做出判断.
  系统是否将处理完整的数据包内容捕获.
• 在写入磁盘时，请仔细监视文件的大小，并确保所讨论的主机具有可能的磁盘资源 必需的可用值，或使用-c参数限制 捕获的数据包.
• 切勿使用会捕获到或来自远程telnet/SSH/任何终端/shell的流量的表达式. tcpdump输出 会为您的终端产生流量，从而进一步 输出，导致更多流量进入您的终端，依此类推 一个无限且可能有害的反馈循环.

• Be very careful when specifying expressions and try to make them as specific as possible.
• Don’t capture during times of heavy traffic/load.
• If you wish to capture entire packet contents, do a test capture only capturing the default 68Bytes first and make a judgement on
  whether the system will cope with the full packet content capture.
• Where writing to disk, carefully monitor the size of the file and make sure the host in question has the likely disk resources required available, or use the -c parameter to limit the number of packets captured.
• Never use an expression that would capture traffic to or from your remote telnet/SSH/whatever terminal/shell. tcpdump output would generate traffic to your terminal, resulting in further output, resulting in more traffic to your terminal and so on in an infinite and potentially harmful feedback loop.

来源: Tcpdump-基础

这篇关于tcpdump的侵入性如何?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！