Date: Tue, 25 Jan 2005 04:04:05 -0500
From: Doug Lee
To: freebsd-questions@freebsd.org
Subject: Any way to get an audio representation of packet flow?
Message-ID: <20050125090405.GW46670@kirk.dlee.org>

Ok, this may be odd to many, but here's what I want: I like tcpdump's
powerful ways of selecting and analyzing specific portions of packet
traffic, but I want a real-time way to represent the results. I am
blind, so graphs don't help. Usually all I want to know is the pattern
of packet match frequency vs. time, so a little click for each matching
packet would translate nicely into what I'm looking for.

My normal tactic involves directing output from tcpdump to /dev/audio
or even /dev/pcaudio:

    tcpdump -l -n [... rules for traffic ...] >/dev/audio

is the first trick I tried. Problem: It causes me to get kernel errors
like "runt packet" and such, presumably because it adds too much
overhead to packet processing somehow. (This is a P166; maybe that
problem wouldn't exist on faster hardware?)

My next trick was like

    tcpdump -s 1 -w /dev/audio [... rules for traffic ...]

No errors this time, but the output of -w is buffered regardless of -l
(which normally makes a lot of sense, of course), so it wasn't very
real-time.

I currently run FreeBSD 4.10-STABLE, but I'd be interested in any
solutions requiring 5.x features as well, for future planning.

Please Cc me if you have any ideas. Thanks much.

-- 
Doug Lee                 dgl@dlee.org        http://www.dlee.org
Bartimaeus Group         doug@bartsite.com   http://www.bartsite.com
The very smart may feel they have nothing to learn from anyone;
The very wise will find something to learn from everyone. (7/14/01)
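
An added example, not part of the original message: one way to get a click per matching packet is to keep tcpdump's line-buffered text output (-l) and pipe it into a small filter that writes a fixed, short tone burst to the audio device for each line, with unbuffered writes. The script name pktclick.py, the function names and the assumption that the device accepts 8 kHz mono mu-law are illustrative, not from the post.

```python
"""Added example: one short click per line read from stdin.
Usage (assumed): tcpdump -l -n [... rules ...] | python3 pktclick.py /dev/audio
"""
import math
import sys

RATE = 8000     # assumption: device default is 8 kHz, mono, 8-bit mu-law
CLICK_MS = 4    # short click so that bursts of packets stay distinguishable


def mulaw(sample):
    """Encode one signed 16-bit PCM sample as a G.711 mu-law byte."""
    sign = 0x80 if sample < 0 else 0x00
    mag = min(abs(sample), 32635) + 0x84       # clip, then add the bias
    exp = mag.bit_length() - 8                 # segment number, 0..7
    mantissa = (mag >> (exp + 3)) & 0x0F
    return ~(sign | (exp << 4) | mantissa) & 0xFF


def make_click(freq=1000, ms=CLICK_MS):
    """Return a decaying sine burst as mu-law bytes (silence is 0xFF)."""
    n = RATE * ms // 1000
    return bytes(
        mulaw(int(20000 * (1 - i / n) * math.sin(2 * math.pi * freq * i / RATE)))
        for i in range(n)
    )


def sonify(lines, out, click=None):
    """Write one click to `out` per input line; return the line count."""
    click = click or make_click()
    count = 0
    for _ in lines:
        out.write(click)
        out.flush()        # push each click out now instead of batching
        count += 1
    return count


if __name__ == "__main__":
    device = sys.argv[1] if len(sys.argv) > 1 else "/dev/audio"
    # buffering=0 gives a raw file object: every write() reaches the device
    with open(device, "wb", buffering=0) as dev:
        # readline() returns each line as soon as tcpdump -l emits it
        sonify(iter(sys.stdin.readline, ""), dev)
```

Each click lasts 4 ms, so sustained rates above about 250 matching packets per second will queue in the audio driver and lag behind the traffic.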