
Monitoring just one specific port number

Nicolas Dumeige
Esteemed Contributor

Hi,

I need to monitor network traffic on a specific port number (Apache using mod_gzip).

What options do I have to do so?

Thanks for your help,

Nicolas
All different, all Unix
5 REPLIES
Elmar P. Kolkman
Honored Contributor

Re: Monitoring just one specific port number

tcpdump is able to dump only a specific port... but then you need a machine running tcpdump. Or install tcpdump on your webserver.

Or, if you only want to see what connections are in use, you could use netstat or lsof.
Every problem has at least one solution. Only some solutions are harder to find.
Nicolas Dumeige
Esteemed Contributor

Re: Monitoring just one specific port number

In order to use tcpdump, is it necessary to put the network card in promiscuous mode?

What tool would you use to deal with tcpdump output?

Wouldn't it be possible to use some kind of sniffer to get some human-readable output directly?

Again, thanks for your advice
All different, all Unix
Elmar P. Kolkman
Honored Contributor

Re: Monitoring just one specific port number

It depends on the human... I can read tcpdump output quite well, depending on the speed of the traffic...
tcpdump is a kind of sniffer. I don't think you need to set the card in promiscuous mode if you run the tcpdump on the apache server.

When defining the right parameters, you get only the info you want and not anything else. If you still get too much, awk, grep or perl are tools to filter out the information you want, I guess.
Every problem has at least one solution. Only some solutions are harder to find.
Suresh Patoria
Super Advisor

Re: Monitoring just one specific port number

Hi,

netstat may help you to monitor the port.

Thanks
Todd Whitcher
Esteemed Contributor
Solution

Re: Monitoring just one specific port number

To monitor the port, tcpdump is a good tool.

You can capture the traffic with the HP network tracer nettl.

For what you need I think ethereal is your best option, unless you have a sniffer.

For 11.11, HP packages ethereal with the libraries you need in the Internet Express software package version 2.

You can download that here:
http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1123

For other operating system versions you can get it at www.ethereal.com; it has several library dependencies.

It's GUI-based, similar to netmon if you have ever used that.

What you would want to do is set up a capture filter and file, then start capturing data on your interface. You will want to change the capture options to:
Capture packets in promiscuous mode
Update list of packets in real time
Automatic scrolling in live capture

The filter would be something like this.

tcp.port == 80

That means TCP source or destination port 80 is present. Figure out which port you need to capture and if it's TCP or UDP or both. Then set up your filter file and save it. You can reference saved filters when you start the capture.



More info at www.ethereal.com

You can get tcpdump here

http://gatekeep.cs.utah.edu/hppd/cgi-bin/search


Hope that helps,

Todd
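Added example, not part of any post in this thread: one way to do the awk post-processing of tcpdump output suggested above, giving a per-client summary for a single monitored port. It assumes the line layout printed by current tcpdump releases with `-n -q` (older builds print a different layout), the interface name `lan0`, and constructed sample lines; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise `tcpdump -n -q` text output for one TCP port.
# Live use (interface name lan0 is an assumption; -p asks tcpdump not to put
# the card into promiscuous mode, enough when capturing on the server itself):
#   tcpdump -p -n -q -l -i lan0 tcp port 80 | summarize_port 80

# Constructed sample capture (documentation addresses, not real traffic).
sample_capture() {
    cat <<'EOF'
10:15:01.000100 IP 192.0.2.10.51234 > 192.0.2.1.80: tcp 0
10:15:01.000300 IP 192.0.2.1.80 > 192.0.2.10.51234: tcp 0
10:15:01.000900 IP 192.0.2.10.51234 > 192.0.2.1.80: tcp 420
10:15:01.004000 IP 192.0.2.1.80 > 192.0.2.10.51234: tcp 1380
10:15:01.004100 IP 192.0.2.1.80 > 192.0.2.10.51234: tcp 612
10:15:02.100000 IP 198.51.100.7.40022 > 192.0.2.1.80: tcp 388
10:15:02.103000 IP 192.0.2.1.80 > 198.51.100.7.40022: tcp 1200
10:15:03.000000 IP 192.0.2.1.22 > 192.0.2.10.50111: tcp 96
EOF
}

# $1 = monitored port; tcpdump lines are read from stdin.
# Prints one line per remote host: packet count and payload bytes each way.
summarize_port() {
    awk -v port="$1" '
    # tcpdump prints endpoints as address.port; split on the last dot.
    function hostof(ep) { sub(/\.[0-9]+$/, "", ep); return ep }
    function portof(ep) { sub(/^.*\./, "", ep); return ep }
    $2 ~ /^IP6?$/ && $4 == ">" && $6 == "tcp" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        len = $7 + 0
        if (portof(dst) == port) {          # client -> server (request)
            peer = hostof(src); req[peer] += len
        } else if (portof(src) == port) {   # server -> client (response)
            peer = hostof(dst); resp[peer] += len
        } else next                         # other ports are ignored
        pkts[peer]++
    }
    END {
        for (p in pkts)
            printf "%s packets=%d request_bytes=%d response_bytes=%d\n",
                   p, pkts[p], req[p], resp[p]
    }' | sort
}

# Run the summary over the constructed sample.
sample_capture | summarize_port 80
```

The byte counts are TCP payload sizes as seen on the wire, so for a server that compresses responses they reflect the compressed size.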