I am looking for a tool which sniffs all the traffic on an interface and produces a syslog-like Cisco log in real time. Example:
Feb 16 10:19:05 tcp S.S.S.S(6083) -> D.D.D.D(80), 1 packet
Feb 16 10:19:07 tcp S.S.S.S(80) -> D.D.D.D(4662), 1 packet
Feb 16 10:19:11 igmp S.S.S.S -> 224.0.0.1, 1 packet
Feb 16 10:19:13 udp S.S.S.S(53) -> D.D.D.D(13341), 1 packet
Feb 16 10:19:13 icmpv6 FE80::660:2408:2:2 -> FF02::1 (134/0), 2 packets
In the example, S.S.S.S is the source IP address and D.D.D.D is the destination IP address.
I tried tshark, but I can't cover all the possibilities with the filters, because sometimes there are ports (for TCP or UDP) and sometimes not. It would be cool if we could have the L2 addresses too.
Do you have such a tool in your toolbox? It should work on Debian Linux. It would be a daemon that captures all the traffic to text.
Thanks!
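Added example, not code from the question or from any existing tool: a small Python formatter that decodes raw Ethernet frames and renders them in the line format shown above, emitting ports only for TCP/UDP, type/code for ICMP and ICMPv6, bare addresses for IGMP and the rest, and optionally the L2 addresses. The frames, MAC/IP addresses, timestamps and the function names are all constructed for the example.

```python
import struct
import socket
from datetime import datetime

def fmt_frame(frame, when, count=1, with_l2=False):
    """Render one Ethernet frame as a Cisco-style log line: 'tcp S(sp) -> D(dp), N packets'."""
    ts = when.strftime("%b %d %H:%M:%S")
    dmac, smac, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    l2 = " [%s -> %s]" % (smac.hex(":"), dmac.hex(":")) if with_l2 else ""
    if ethertype == 0x0800:                      # IPv4: IHL gives header length, protocol at byte 9
        proto, payload = frame[23], frame[14 + (frame[14] & 0x0F) * 4:]
        src, dst = (socket.inet_ntop(socket.AF_INET, frame[i:i + 4]) for i in (26, 30))
    elif ethertype == 0x86DD:                    # IPv6: fixed 40-byte header, next header at byte 6
        proto, payload = frame[20], frame[54:]
        src, dst = (socket.inet_ntop(socket.AF_INET6, frame[i:i + 16]) for i in (22, 38))
    else:
        return "%s ethertype-0x%04x%s, %d packets" % (ts, ethertype, l2, count)
    name = {1: "icmp", 2: "igmp", 6: "tcp", 17: "udp", 58: "icmpv6"}.get(proto, "proto-%d" % proto)
    if proto in (6, 17) and len(payload) >= 4:      # TCP/UDP: ports in parentheses
        sport, dport = struct.unpack("!HH", payload[:4])
        flow = "%s(%d) -> %s(%d)" % (src, sport, dst, dport)
    elif proto in (1, 58) and len(payload) >= 2:    # ICMP/ICMPv6: (type/code) after the addresses
        flow = "%s -> %s (%d/%d)" % (src, dst, payload[0], payload[1])
    else:                                           # IGMP and anything else: addresses only
        flow = "%s -> %s" % (src, dst)
    return "%s %s %s%s, %d packet%s" % (ts, name, flow, l2, count, "" if count == 1 else "s")

# Constructed test frames (not real captures); checksums are left zero, the formatter never reads them.
def ipv4_tcp_frame(src, dst, sport, dport):
    eth = bytes.fromhex("001122334455" "66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_pton(socket.AF_INET, src), socket.inet_pton(socket.AF_INET, dst))
    return eth + ip + struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 65535, 0, 0)

def ipv6_icmpv6_frame(src, dst, itype, icode):
    eth = bytes.fromhex("333300000001" "006602400002") + b"\x86\xdd"
    ip6 = struct.pack("!IHBB16s16s", 0x60000000, 8, 58, 255,
                      socket.inet_pton(socket.AF_INET6, src), socket.inet_pton(socket.AF_INET6, dst))
    return eth + ip6 + struct.pack("!BBHI", itype, icode, 0, 0)

def sample_lines():
    """Format the constructed frames with fixed timestamps, mirroring the lines in the question."""
    t = datetime(2024, 2, 16, 10, 19, 5)
    return [fmt_frame(ipv4_tcp_frame("10.0.0.1", "192.0.2.7", 6083, 80), t),
            fmt_frame(ipv6_icmpv6_frame("fe80::660:2408:2:2", "ff02::1", 134, 0), t.replace(second=13), 2),
            fmt_frame(ipv4_tcp_frame("10.0.0.1", "192.0.2.7", 6083, 80), t, with_l2=True)]
```

On Linux a logging daemon of the kind asked for would feed `fmt_frame` with frames read from `socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0003))` (ETH_P_ALL, needs CAP_NET_RAW) and write each line to syslog or a file.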