
I am having an issue with my tcpdump command I have created. Chances are it's wrong. What I want to do is this: Run this command:

tc qdisc add dev eth0 root tbf rate 6kbit latency 50ms burst 1540

run this tcpdump:

sudo tcpdump host wiki and wiki2 -c5 -vvv -w dump

Then alter the tc command to this and run it:

tc qdisc add dev eth0 root tbf rate 60kbit latency 50ms burst 1540

and run the same command:

sudo tcpdump host wiki and wiki2 -c5 -vvv -w dump

and dump the speed change.

What I am getting now shows nothing about this. Can I get some help writing the appropriate tcpdump command?

Thanks, Pastelinux

  • Oh? Well, adding host between the two works! Now how do I read the output to show me that the packets take longer once I shape one of the hosts? – John Riselvato Nov 30 '10 at 18:33

1 Answer


First, you're putting arguments after the filter expression. The expression should be last, e.g.

sudo tcpdump -c5 -vvv -w dump host wiki and wiki2

Second, "host wiki and wiki2" matches packets which contain both of the following:

  • An IPv4 or IPv6 source or destination of "wiki"
  • An IPv4 or IPv6 source or destination of "wiki2"

That is, traffic directly between "wiki" and "wiki2". You might have better luck with something like this:

sudo tcpdump -c5 -vvv -w dump host wiki or host wiki2
Gerald Combs
  • Oh? Well, adding host between the two works! Now how do I read the output to show me that the packets take longer once I shape one of the hosts? – John Riselvato Nov 30 '10 at 18:34
  • I would open it in Wireshark, go to "Statistics→Conversation List→TCP (IPv4 & IPv6)" and look at the last two (bps) columns. However, my opinion is biased in that regard. If you want to solve the problem using only tcpdump you could probably get useful information using the "-ttttt" flag. – Gerald Combs Nov 30 '10 at 18:53
  • Yeah, I wish it was as easy as using Wireshark. The outcomes of this will be installed in a Python script that automatically creates the tcpdump after I shape one of the hosts. – John Riselvato Nov 30 '10 at 18:58
  • Also, are you sure it wasn't changing the "and" to an "or" that fixed your problem? Does "tcpdump -d host wiki and wiki2" and "tcpdump -d host wiki and host wiki2" generate different output? If so there's a bug in libpcap on your system. – Gerald Combs Nov 30 '10 at 18:58
  • Actually, they show the exact thing. – John Riselvato Nov 30 '10 at 19:01
  • sudo tcpdump -c5 -w dump host wiki or host wiki2 doesn't work, I don't know why I thought it did before. Weird. Could have sworn it did. – John Riselvato Nov 30 '10 at 19:08
  • This is my script now: http://pastebin.com/1PZZhm68 – John Riselvato Dec 06 '10 at 19:21
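
One way to get the speed change out of the capture files without Wireshark, as an added example that is not part of the original thread or the linked script: it reads the classic pcap format that `tcpdump -w` writes and reports the rate between the first and last packet. The names `pcap_rate` and `constructed_capture` are hypothetical, and the two sample captures are constructed to mimic the 6kbit and 60kbit tbf settings.

```python
import struct

# magic bytes -> (struct byte order, timestamp ticks per second)
PCAP_MAGIC = {b"\xd4\xc3\xb2\xa1": ("<", 10**6), b"\xa1\xb2\xc3\xd4": (">", 10**6),
              b"\x4d\x3c\xb2\xa1": ("<", 10**9), b"\xa1\xb2\x3c\x4d": (">", 10**9)}

def pcap_rate(data):
    """Return (packets, seconds, kbit_per_s) for a classic pcap byte string."""
    if data[:4] not in PCAP_MAGIC:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    order, ticks_per_s = PCAP_MAGIC[data[:4]]
    offset, ticks, sizes = 24, [], []          # 24-byte global header
    while offset + 16 <= len(data):            # 16-byte per-packet header
        sec, frac, incl_len, orig_len = struct.unpack_from(order + "4I", data, offset)
        ticks.append(sec * ticks_per_s + frac)
        sizes.append(orig_len)                 # on-wire size, even if snaplen truncated it
        offset += 16 + incl_len
    if len(ticks) < 2:
        return len(ticks), 0.0, 0.0            # one packet gives no interval to measure
    seconds = (ticks[-1] - ticks[0]) / ticks_per_s
    # Bytes that arrived after the first timestamp, over the elapsed time.
    kbit = sum(sizes[1:]) * 8 / 1000 / seconds if seconds > 0 else 0.0
    return len(ticks), seconds, kbit

def constructed_capture(gap_us, count=5, wire_len=1500, snap=96):
    """Constructed sample: `count` packets of wire_len bytes, gap_us microseconds apart."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snap, 1)
    for i in range(count):
        t = 1_291_141_000 * 10**6 + i * gap_us
        out += struct.pack("<4I", t // 10**6, t % 10**6, snap, wire_len) + bytes(snap)
    return out

if __name__ == "__main__":
    # 1500 bytes take 2 s at 6 kbit/s and 0.2 s at 60 kbit/s.
    for label, gap in (("rate 6kbit", 2_000_000), ("rate 60kbit", 200_000)):
        n, secs, kbit = pcap_rate(constructed_capture(gap))
        print(f"{label}: {n} packets in {secs:.1f} s = {kbit:.1f} kbit/s")
```

For real captures, pass `open(path, "rb").read()` for each file, and write the two tcpdump runs to different file names so the second does not overwrite the first.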