|
 |
93eced |
From 65797f43b430cf9aaa3da446e96e73f913231f1f Mon Sep 17 00:00:00 2001
|
|
|
93eced |
From: Daniel Borkmann <daniel@iogearbox.net>
|
|
|
93eced |
Date: Wed, 27 May 2015 12:36:03 +0200
|
|
|
93eced |
Subject: [PATCH 4/4] netsniff-ng: add example for fanout into man page
|
|
|
93eced |
|
|
|
93eced |
Upstream commit: d0677020ce89fc087925467480d75428df52dc95
|
|
|
93eced |
|
|
|
93eced |
--
|
|
|
93eced |
|
|
|
93eced |
netsniff-ng: add example for fanout into man page
|
|
|
93eced |
|
|
|
93eced |
Add an example, so users can easily adapt and move on from that.
|
|
|
93eced |
|
|
|
93eced |
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
|
|
|
93eced |
---
|
|
|
93eced |
netsniff-ng.8 | 13 ++++++++++++-
|
|
|
93eced |
1 file changed, 12 insertions(+), 1 deletion(-)
|
|
|
93eced |
|
|
|
93eced |
diff --git a/netsniff-ng.8 b/netsniff-ng.8
|
|
|
93eced |
index 3d97f0d..fe8947d 100644
|
|
|
93eced |
--- a/netsniff-ng.8
|
|
|
93eced |
+++ b/netsniff-ng.8
|
|
|
93eced |
@@ -311,7 +311,7 @@ filter HTTP traffic. Super jumbo frame support is automatically enabled and
|
|
|
93eced |
only print human readable packet data to the terminal, and also be more
|
|
|
93eced |
verbose during setup phase. Moreover, dump a BPF disassembly of http.bpf.
|
|
|
93eced |
.PP
|
|
|
93eced |
-.SS netsniff-ng --in dump.pcap --out dump.cfg --silent
|
|
|
93eced |
+.SS netsniff-ng --in dump.pcap --out dump.cfg --silent
|
|
|
93eced |
Convert the pcap file dump.pcap into a trafgen(8) configuration file dump.cfg.
|
|
|
93eced |
Do not print pcap contents to the terminal.
|
|
|
93eced |
.PP
|
|
|
93eced |
@@ -340,6 +340,17 @@ setup and teardown). netsniff-ng can then make use of the nlmon device as
|
|
|
93eced |
an input device. In this example a pcap file with netlink traffic is being
|
|
|
93eced |
recorded.
|
|
|
93eced |
.PP
|
|
|
93eced |
+.SS netsniff-ng --fanout-group 1 --fanout-type cpu --fanout-opts defrag --bind-cpu 0 --notouch-irq --silent --in em1 --out /var/cap/cpu0/ --interval 120sec
|
|
|
93eced |
+.SS netsniff-ng --fanout-group 1 --fanout-type cpu --fanout-opts defrag --bind-cpu 1 --notouch-irq --silent --in em1 --out /var/cap/cpu1/ --interval 120sec
|
|
|
93eced |
+Starts two netsniff-ng fanout instances. Both are assigned into the same fanout
|
|
|
93eced |
+group membership and traffic is splitted among them by incoming cpu. Furthermore,
|
|
|
93eced |
+the kernel is supposed to defragment possible incoming fragments. First instance
|
|
|
93eced |
+is assigned to CPU 0 and the second one to CPU 1, IRQ bindings are not altered as
|
|
|
93eced |
+they might have been adapted to this scenario by the user a-priori, and traffic
|
|
|
93eced |
+is captured on interface em1, and written out in 120 second intervals as pcap
|
|
|
93eced |
+files into /var/cap/cpu0/. Tools like mergecap(1) will be able to merge the cpu0/1
|
|
|
93eced |
+split back together if needed.
|
|
|
93eced |
+.PP
|
|
|
93eced |
.SH CONFIG FILES
|
|
|
93eced |
.PP
|
|
|
93eced |
Files under /etc/netsniff-ng/ can be modified to extend netsniff-ng's
|
|
|
93eced |
--
|
|
|
93eced |
2.5.5
|
|
|
93eced |
|